{% extends 'admin/master.html' %}

{% block head_tail %}
  <style>
    .insecure-style {
      color: red;
    }
  </style>
  <style {{ admin_csp_nonce_attribute }}>
    .secure-style {
      color: green;
    }
  </style>
{% endblock head_tail %}
{% block body %}
{{ super() }}
<div class="container">
    <div class="row">
        <div class="col-sm-10 col-sm-offset-1">
            <h1>Flask-Admin Content-Security-Policy (CSP) example</h1>
            <p class="lead">
                Simple admin views, not related to models.
            </p>
            <p class="secure-style">
                I have an inline style applied that passes CSP checks because I've injected a nonce value.
            </p>
            <p class="insecure-style">
                But I don't have any styling applied because CSP is protecting me.
            </p>
            <a class="btn btn-primary" href="/"><i class="glyphicon glyphicon-chevron-left"></i> Back</a>
        </div>
    </div>
</div>
{% endblock body %}