Adding “charset” to all ASP.NET MVC HTTP responses

Question

Is there an easy way to specify all "normal" views is an ASP.NET MVC app are to have charset=utf-8 appended to the Content-Type? View() lacks an override that allows you to specify the Content-Type, and ActionResult and friends don't seem to expose anything, either. The motivation is obviously to work around Internet Explorer guessing the "correct" encoding type, which I in turn want to do to avoid UTF-7 XSS attacks.

Answer 1

Maybe this in your web.config will do the magic?

<configuration>
  <system.web>
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
  </system.web>
</configuration>

Answer 2

You could write an attribute for it:

public class CharsetAttribute : ActionFilterAttribute
{
    public override void OnActionExecuted(ActionExecutedContext filterContext)
    {
        filterContext.HttpContext.Response.Headers["Content-Type"] += ";charset=utf-8";
    }
}

Feel free to make it a bit smarter, but that's the general idea. Add it to your base controller class and your whole app is covered.

Answer 3

In MVC 5 this can do the trick:

public class ResponseCharset : ActionFilterAttribute
{
    private string Charset;

    public ResponseCharset(string charset = "utf-8") {
        Charset = charset;
    }

    public override void OnActionExecuted(HttpActionExecutedContext filterContext)
    {
        filterContext.Response.Content.Headers.ContentType.CharSet = Charset;
    }
} 

Usage:

public class OrderDetailsController : ApiController
{
    [ResponseCharset("utf-8")]  // can be windows-1251 etc.
    public Object Get(string orderId)
    {
       // ....
    }
}

Based on @craig-stuntz 's idea.

Of course you need to ensure you give right response encoding i.e. content's encoding should match to that, specified in ResponseCharset attribute.

It helped me a lot when I was testing some mvc code with Chrome, because it does not specify encoding in the accept header.