Skip to content

CCM-13489: allow docx upload#125

Open
harrim91 wants to merge 6 commits intomainfrom
feature/CCM-13489_docx-upload-pages
Open

CCM-13489: allow docx upload#125
harrim91 wants to merge 6 commits intomainfrom
feature/CCM-13489_docx-upload-pages

Conversation

@harrim91
Copy link
Contributor

@harrim91 harrim91 commented Feb 3, 2026
edited
Loading

Description

Supports NHSDigital/nhs-notify-web-template-management#808

Extends the WAF to allow docx file uploads to new template page paths:

  • /templates/upload-standard-english-letter-template
  • /templates/upload-large-print-letter-template
  • /templates/upload-other-language-letter-template
  • /templates/upload-british-sign-language-letter-template

Maintains existing rules on PDF uploads.

New docx rules mirror the existing PDF validation logic - docx validation requires all of:

  • path match
  • multipart/form-data
  • application/vnd.openxmlformats-officedocument.wordprocessingml.document mime type within multipart request
  • PK\x03\x04 magic bytes (docx zip header)

Context

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming
  • If I have used the 'skip-trivy-package' label I have done so responsibly and in the knowledge that this is being fixed as part of a separate ticket/PR.

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

@harrim91 harrim91 requested a review from a team as a code owner February 3, 2026 13:33
@harrim91 harrim91 mentioned this pull request Feb 3, 2026
Open
11 tasks
bhansell1
bhansell1 previously approved these changes Feb 4, 2026
View reviewed changes
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 4, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bhansell1 bhansell1 bhansell1 approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@harrim91 @bhansell1