From 05dfd34fd0dff34b64fb47e0dd1716c8bdbddfac Mon Sep 17 00:00:00 2001
From: Simon Willison <swillison@gmail.com>
Date: Thu, 15 Aug 2024 08:48:47 -0700
Subject: [PATCH] Use text/html for CSRF error page, refs #2390

---
 datasette/app.py   | 5 +++--
 tests/test_html.py | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/datasette/app.py b/datasette/app.py
index 1363bc5c92..fa5e90e335 100644
--- a/datasette/app.py
+++ b/datasette/app.py
@@ -1661,11 +1661,12 @@ async def setup_db():
         async def custom_csrf_error(scope, send, message_id):
             await asgi_send(
                 send,
-                await self.render_template(
+                content=await self.render_template(
                     "csrf_error.html",
                     {"message_id": message_id, "message_name": Errors(message_id).name},
                 ),
-                403,
+                status=403,
+                content_type="text/html; charset=utf-8",
             )
 
         asgi = asgi_csrf.asgi_csrf(
diff --git a/tests/test_html.py b/tests/test_html.py
index c559f0c295..ae27048633 100644
--- a/tests/test_html.py
+++ b/tests/test_html.py
@@ -1171,4 +1171,5 @@ async def test_custom_csrf_error(ds_client):
         cookies={"csrftoken": "x"},
     )
     assert response.status_code == 403
+    assert response.headers["content-type"] == "text/html; charset=utf-8"
     assert "Error code is FORM_URLENCODED_MISMATCH." in response.text