nico3333fr / CSP-useful

Collection of scripts, thoughts about CSP (Content Security Policy)
MIT License
487 stars 59 forks

blocked domain === domain the site runs on? #44

Closed zero-24 closed 6 years ago

zero-24 commented 6 years ago
{
    "csp-report": {
        "document-uri": "https://www.example.org/...",
        "referrer": "",
        "violated-directive": "img-src 'self'",
        "original-policy": "default-src 'self';",
        "blocked-uri": "https://www.example.org"
    }
}

UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b

Where "example.org" is replaced by the live domain. I guess it is something about BingPreview but I have no idea wtf is happening there. As 'self' is allowed, the domain the rule runs on should be allowed.
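A triage filter for this class of report, added here as an example and not code from the CSP-useful project or from the reporter. It assumes a report-uri endpoint that has stored each raw JSON body together with the request's User-Agent; the sample reports below are constructed, modelled on the one in this issue. The point it demonstrates: a report whose blocked-uri is the document's own origin while the violated directive (or the default-src fallback) contains 'self' cannot come from a browser enforcing the policy as written, so such reports are better grouped by User-Agent than investigated as policy gaps.

```python
"""Classify CSP violation reports that contradict their own policy.

Added example for this issue; not part of CSP-useful. The helper names
(origin_of, allows_self, classify, triage) and the sample data are
assumptions made for the example.
"""
import json
from collections import Counter
from urllib.parse import urlsplit

# blocked-uri values that are CSP keywords or opaque markers, not URLs
_KEYWORDS = {"", "self", "inline", "eval", "data", "blob", "about", "wasm-eval"}

# directives that do NOT fall back to default-src
_NO_FALLBACK = {"base-uri", "form-action", "frame-ancestors", "sandbox",
                "report-uri", "report-to", "upgrade-insecure-requests",
                "block-all-mixed-content"}


def origin_of(uri):
    """Return scheme://host[:port] (lower-cased) for an absolute URL, else None."""
    if uri in _KEYWORDS:
        return None
    parts = urlsplit(uri)
    if not parts.scheme or not parts.netloc:
        return None  # scheme-only values such as "chrome-extension" land here
    return f"{parts.scheme}://{parts.netloc}".lower()


def sources_for(directive_name, policy):
    """Source list for directive_name in a serialized policy, with default-src fallback."""
    table = {}
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens:
            table[tokens[0].lower()] = tokens[1:]
    if directive_name in table or directive_name in _NO_FALLBACK:
        return table.get(directive_name, [])
    return table.get("default-src", [])


def allows_self(report):
    """True if the directive the report was raised for contains 'self'.

    Older browsers send "img-src 'self'" (name plus sources) in
    violated-directive; newer ones send only the name, so the source
    list is then looked up in original-policy.
    """
    tokens = report.get("violated-directive", "").split()
    if len(tokens) > 1:
        return "'self'" in tokens[1:]
    name = report.get("effective-directive") or (tokens[0] if tokens else "")
    return "'self'" in sources_for(name.lower(), report.get("original-policy", ""))


def classify(report):
    """Classify the inner csp-report object of one report."""
    doc_origin = origin_of(report.get("document-uri", ""))
    blocked_origin = origin_of(report.get("blocked-uri", ""))
    if blocked_origin is None:
        return "keyword-or-opaque"
    if doc_origin is not None and doc_origin == blocked_origin and allows_self(report):
        return "contradicts-self"  # policy allows it, yet the client reports a block
    return "other"


def triage(stored):
    """Count (class, user_agent) pairs over stored (raw_json_body, user_agent) rows."""
    counts = Counter()
    for body, ua in stored:
        inner = json.loads(body).get("csp-report", {})
        counts[(classify(inner), ua)] += 1
    return counts


# Constructed sample data, modelled on the report in this issue.
BING_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ "
           "(KHTML, like Gecko) BingPreview/1.0b")
CHROME_UA = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/70.0 Safari/537.36"

SAMPLE_REPORTS = [
    (json.dumps({"csp-report": {
        "document-uri": "https://www.example.org/page", "referrer": "",
        "violated-directive": "img-src 'self'",
        "original-policy": "default-src 'self';",
        "blocked-uri": "https://www.example.org"}}), BING_UA),
    (json.dumps({"csp-report": {  # same thing in the newer report shape
        "document-uri": "https://www.example.org/other",
        "violated-directive": "img-src", "effective-directive": "img-src",
        "original-policy": "default-src 'self';",
        "blocked-uri": "https://www.example.org"}}), BING_UA),
    (json.dumps({"csp-report": {  # a genuine third-party block
        "document-uri": "https://www.example.org/page",
        "violated-directive": "img-src 'self'",
        "original-policy": "default-src 'self';",
        "blocked-uri": "https://cdn.example.net/a.png"}}), CHROME_UA),
    (json.dumps({"csp-report": {  # inline script, keyword blocked-uri
        "document-uri": "https://www.example.org/page",
        "violated-directive": "script-src 'self'",
        "original-policy": "default-src 'self';",
        "blocked-uri": "inline"}}), CHROME_UA),
]

if __name__ == "__main__":
    for (cls, ua), n in sorted(triage(SAMPLE_REPORTS).items()):
        print(f"{n:3d}  {cls:18s}  {ua}")
```

Run against a real report store, the "contradicts-self" bucket should be near-empty for mainstream browsers; a bucket dominated by a single User-Agent, as with BingPreview here, points at the client rather than the policy. Origin comparison is scheme, host and port only, which matches what 'self' means for an https document and https resource as in this report.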

nico3333fr commented 6 years ago

Well, this is a WTF :)

A website tried to embed one of your images without sending a referrer?

zero-24 commented 6 years ago

I think it has something to do with the UserAgent, as this just happens with BingPreview ;) But I don't understand what is happening there.

nico3333fr commented 6 years ago

Yes, I was not able to reproduce. :-\

zero-24 commented 6 years ago

How did you try to reproduce it? As I think the issue has something to do with the BingPreview bot.

nico3333fr commented 6 years ago

Sorry, I didn't understand well, I've tried Bing photo preview.

How do you reproduce this preview?

zero-24 commented 6 years ago

This is the problem: I have not found a way to reproduce this issue. On the site where I have deployed the rules I was getting these reports lately, but I have not figured out how to reproduce this. So I decided to report it here in case someone else also got this error in their logs.

nico3333fr commented 6 years ago

Great, I'm closing this issue, do not hesitate to reopen or open a new one if you have news :)