{{- /* 1. Generate a unique, random nonce for this request */ -}}
{{- $nonce := uuidv4 -}}

{{- /* 2. Build a secure CSP string. Practical compromise: keep
     script-src strict (nonce required), but allow runtime-injected styles by using
     'unsafe-inline' for styles and NOT including a nonce for style-src. This avoids
     the browser ignoring 'unsafe-inline' when a nonce is present. */ -}}
{{- $csp := printf "default-src 'self'; script-src 'self' 'nonce-%s' https://o4509122860941312.ingest.de.sentry.io; style-src 'self' 'unsafe-inline'; font-src 'self'; worker-src 'self' blob:; img-src 'self' blob: data:; media-src 'self' blob:; connect-src 'self' https://o4509122860941312.ingest.de.sentry.io https://*.canvaspro.tech wss://*.canvaspro.tech; object-src 'none'; frame-ancestors 'none';" $nonce -}}

{{- /* 3. Set the response header from within the template */ -}}
{{- .RespHeader.Set "Content-Security-Policy" $csp -}}

<!doctype html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <meta
      http-equiv="CACHE-CONTROL"
      content="NO-CACHE" />
    <meta
      http-equiv="Pragma"
      content="no-cache" />
    <meta
      http-equiv="Expires"
      content="0" />
    <meta
      http-equiv="X-UA-Compatible"
      content="IE=edge" />
    <meta
      name="viewport"
      content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=no,viewport-fit=cover,interactive-widget=resizes-content" />
    <!-- PWA Meta Tags for iOS -->
    <meta name="apple-mobile-web-app-capable" content="yes" />
    <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
    <meta name="apple-mobile-web-app-title" content="CanvasPro" />
    <meta name="mobile-web-app-capable" content="yes" />
    <meta name="theme-color" content="#0d0d0f" />
    <!-- PWA Manifest -->
    <link rel="manifest" href="./manifest.json" />
    <!-- Apple Touch Icon for iOS home screen -->
    <link rel="apple-touch-icon" href="./apple-touch-icon.png" />
    <link
      rel="icon"
      rel="preload"
      href="/assets/Favicon/CanvasPro.ico" />
    <title>CanvasPro</title>
    <script type="module" crossorigin src="./assets/index.js"></script>
    <link rel="modulepreload" crossorigin href="./assets/rolldown-runtime.js">
    <link rel="modulepreload" crossorigin href="./assets/configure.js">
    <link rel="modulepreload" crossorigin href="./assets/vendor-other.js">
    <link rel="modulepreload" crossorigin href="./assets/onair-control.js">
    <link rel="modulepreload" crossorigin href="./assets/queue-deck.js">
    <link rel="modulepreload" crossorigin href="./assets/vendor-vuetify.js">
    <link rel="stylesheet" crossorigin href="./assets/configure.css">
    <link rel="stylesheet" crossorigin href="./assets/vendor-other.css">
    <link rel="stylesheet" crossorigin href="./assets/onair-control.css">
    <link rel="stylesheet" crossorigin href="./assets/queue-deck.css">
    <link rel="stylesheet" crossorigin href="./assets/vendor-vuetify.css">
    <link rel="stylesheet" crossorigin href="./assets/index.css">
    <link rel="stylesheet" crossorigin href="./assets/vendor-icons.css">
  </head>
  <style>
    :root {
      --vh: 1vh;
    }
    html {
      overflow: hidden;
      height: 100%;
      height: -webkit-fill-available;
      height: calc(var(--vh, 1vh) * 100);
      /* Use dark mode color so gaps blend in */
      background-color: #1a1a1f;
      /* iOS: Ensure no extra space at bottom */
      position: fixed;
      width: 100%;
    }
    body {
      overflow: hidden;
      height: 100%;
      min-height: -webkit-fill-available;
      height: calc(var(--vh, 1vh) * 100);
      margin: 0;
      padding: 0;
      /* Use dark mode color so gaps blend in */
      background-color: #1a1a1f;
      /* iOS: Fixed positioning to prevent keyboard space reservation */
      position: fixed;
      width: 100%;
      top: 0;
      left: 0;
      right: 0;
      bottom: 0;
    }
    #app {
      overflow: hidden;
      height: 100%;
      height: -webkit-fill-available;
      height: calc(var(--vh, 1vh) * 100);
      width: 100%;
      /* iOS: Ensure app fills the fixed body */
      position: absolute;
      top: 0;
      left: 0;
      right: 0;
      bottom: 0;
    }
    /* Prevent iOS bounce/scroll */
    html, body {
      overscroll-behavior: none;
      -webkit-overflow-scrolling: touch;
    }
    /* iOS PWA standalone mode - use darker base background for safe areas */
    @media all and (display-mode: standalone) {
      html, body {
        background-color: #0d0d0f !important; /* Darker for safe areas */
      }
      /* Top: Status bar background */
      body::before {
        content: '';
        position: fixed;
        top: 0;
        left: 0;
        right: 0;
        height: env(safe-area-inset-top);
        background-color: #0d0d0f;
        z-index: 999999;
      }
    }
    /* Also support body class for iOS standalone (set by JavaScript) */
    body.ios-standalone {
      background-color: #0d0d0f !important;
    }
    body.ios-standalone::before {
      content: '';
      position: fixed;
      top: 0;
      left: 0;
      right: 0;
      height: env(safe-area-inset-top);
      background-color: #0d0d0f;
      z-index: 999999;
    }
  </style>
  <body>
    <div id="app"></div>
    <!-- built files will be auto injected -->
  </body>
</html>