Content-Security-Policy in report-only mode

If I set a configuration object to csp, and that configuration object contains reportOnly: true, then beside of Content-Security-Policy-Report-Only header Content-Security-Policy is also added with default settings. This was the intent? Because it prevents monitoring and testing custom policies.