import json
def main(request, response):
    headers = [("Content-Type", "text/html")]
    if "allow_csp_from" in request.GET:
        headers.append(("Allow-CSP-From", request.GET["allow_csp_from"]))
    message = request.GET["id"]
    return headers, '''
<!DOCTYPE html>
<html>
<head>
    <title>This page enforces embedder's policies</title>
    <script nonce="123">
        document.addEventListener("securitypolicyviolation", function(e) {
            var response = {};
            response["id"] = "%s";
            response["securitypolicyviolation"] = true;
            response["blockedURI"] = e.blockedURI;
            response["lineNumber"] = e.lineNumber;
            window.top.postMessage(response, '*');
        });
    </script>
</head>
<body>
    <style>
        body {
            background-color: maroon;
        }
    </style>
    <script nonce="abc"> 
        var response = {};
        response["id"] = "%s";
        response["loaded"] = true;
        window.top.postMessage(response, '*');
    </script>
</body>
</html>
''' % (message, message)