Django - Uploaded file type validation

You approach will not work: As an attacker, I could simply forge the HTML header to send you anything with the mime type text/plain.

The correct solution is to use a tool like file(1) on Unix to examine the content of the file to determine what it is. Note that there is no good way to know whether something is really plain text. If the file is saved in 16 bit Unicode, the "plain text" can even contain 0 bytes.

See this question for options how to do this: How to find the mime type of a file in python?