Fixed #33567 -- Avoided setting default text/html content type on responses.

django/views/csrf.py

@@ -157,4 +157,4 @@ def csrf_failure(request, reason="", template_name=CSRF_FAILURE_TEMPLATE_NAME):
         else:
             # Raise if a developer-specified template doesn't exist.
             raise
-    return HttpResponseForbidden(t.render(c), content_type="text/html")
+    return HttpResponseForbidden(t.render(c))

django/views/debug.py

@@ -64,7 +64,7 @@ def technical_500_response(request, exc_type, exc_value, tb, status_code=500):
     reporter = get_exception_reporter_class(request)(request, exc_type, exc_value, tb)
     if request.accepts("text/html"):
         html = reporter.get_traceback_html()
-        return HttpResponse(html, status=status_code, content_type="text/html")
+        return HttpResponse(html, status=status_code)
     else:
         text = reporter.get_traceback_text()
         return HttpResponse(
@@ -597,7 +597,7 @@ def technical_404_response(request, exception):
             "raising_view_name": get_caller(request),
         }
     )
-    return HttpResponseNotFound(t.render(c), content_type="text/html")
+    return HttpResponseNotFound(t.render(c))
 
 
 def default_urlconf(request):
@@ -610,4 +610,4 @@ def default_urlconf(request):
         }
     )
 
-    return HttpResponse(t.render(c), content_type="text/html")
+    return HttpResponse(t.render(c))

django/views/defaults.py

@@ -62,7 +62,6 @@ def page_not_found(request, exception, template_name=ERROR_404_TEMPLATE_NAME):
     try:
         template = loader.get_template(template_name)
         body = template.render(context, request)
-        content_type = None  # Django will use 'text/html'.
     except TemplateDoesNotExist:
         if template_name != ERROR_404_TEMPLATE_NAME:
             # Reraise if it's a missing custom template.
@@ -77,8 +76,7 @@ def page_not_found(request, exception, template_name=ERROR_404_TEMPLATE_NAME):
             },
         )
         body = template.render(Context(context))
-        content_type = "text/html"
-    return HttpResponseNotFound(body, content_type=content_type)
+    return HttpResponseNotFound(body)
 
 
 @requires_csrf_token
@@ -97,7 +95,6 @@ def server_error(request, template_name=ERROR_500_TEMPLATE_NAME):
             raise
         return HttpResponseServerError(
             ERROR_PAGE_TEMPLATE % {"title": "Server Error (500)", "details": ""},
-            content_type="text/html",
         )
     return HttpResponseServerError(template.render())
 
@@ -118,7 +115,6 @@ def bad_request(request, exception, template_name=ERROR_400_TEMPLATE_NAME):
             raise
         return HttpResponseBadRequest(
             ERROR_PAGE_TEMPLATE % {"title": "Bad Request (400)", "details": ""},
-            content_type="text/html",
         )
     # No exception content is passed to the template, to not disclose any
     # sensitive information.
@@ -147,7 +143,6 @@ def permission_denied(request, exception, template_name=ERROR_403_TEMPLATE_NAME)
             raise
         return HttpResponseForbidden(
             ERROR_PAGE_TEMPLATE % {"title": "403 Forbidden", "details": ""},
-            content_type="text/html",
         )
     return HttpResponseForbidden(
         template.render(request=request, context={"exception": str(exception)})

tests/csrf_tests/tests.py

@@ -375,6 +375,7 @@ class CsrfViewMiddlewareTestMixin(CsrfFunctionTestMixin):
         with self.assertLogs("django.security.csrf", "WARNING") as cm:
             resp = mw.process_view(req, post_form_view, (), {})
         self.assertEqual(403, resp.status_code)
+        self.assertEqual(resp["Content-Type"], "text/html; charset=utf-8")
         self.assertEqual(cm.records[0].getMessage(), "Forbidden (%s): " % expected)
 
     def test_csrf_cookie_bad_or_missing_token(self):

tests/httpwrappers/tests.py

@@ -539,7 +539,6 @@ class HttpResponseSubclassesTests(SimpleTestCase):
         response = HttpResponseRedirect(
             "/redirected/",
             content="The resource has temporarily moved",
-            content_type="text/html",
         )
         self.assertContains(
             response, "The resource has temporarily moved", status_code=302
@@ -592,7 +591,7 @@ class HttpResponseSubclassesTests(SimpleTestCase):
         self.assertEqual(response.status_code, 405)
         # Standard HttpResponse init args can be used
         response = HttpResponseNotAllowed(
-            ["GET"], content="Only the GET method is allowed", content_type="text/html"
+            ["GET"], content="Only the GET method is allowed"
         )
         self.assertContains(response, "Only the GET method is allowed", status_code=405)
 

tests/responses/test_fileresponse.py

@@ -101,8 +101,10 @@ class FileResponseTests(SimpleTestCase):
         self.assertEqual(response.headers["Content-Type"], "video/webm")
 
     def test_content_type_buffer_explicit_default(self):
-        response = FileResponse(io.BytesIO(b"binary content"), content_type="text/html")
-        self.assertEqual(response.headers["Content-Type"], "text/html")
+        response = FileResponse(
+            io.BytesIO(b"binary content"), content_type="text/html; charset=utf-8"
+        )
+        self.assertEqual(response.headers["Content-Type"], "text/html; charset=utf-8")
 
     def test_content_type_buffer_named(self):
         test_tuples = (