Use text/html for CSRF error page, refs #2390

simonw · Aug 15, 2024 · 05dfd34 · 05dfd34
1 parent 160d82f
commit 05dfd34
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/datasette/app.py b/datasette/app.py
@@ -1661,11 +1661,12 @@ async def setup_db():
         async def custom_csrf_error(scope, send, message_id):
             await asgi_send(
                 send,
-                await self.render_template(
+                content=await self.render_template(
                     "csrf_error.html",
                     {"message_id": message_id, "message_name": Errors(message_id).name},
                 ),
-                403,
+                status=403,
+                content_type="text/html; charset=utf-8",
             )
 
         asgi = asgi_csrf.asgi_csrf(

diff --git a/tests/test_html.py b/tests/test_html.py
@@ -1171,4 +1171,5 @@ async def test_custom_csrf_error(ds_client):
         cookies={"csrftoken": "x"},
     )
     assert response.status_code == 403
+    assert response.headers["content-type"] == "text/html; charset=utf-8"
     assert "Error code is FORM_URLENCODED_MISMATCH." in response.text