Internal Server Error when Posting a Document with .doc or .docx Extension

[Colin]

I've encountered an interesting error.

If I POST a document to a patient's chart that ends with a .doc or .docx extension (this is the actual file that's uploaded NOT the description) I get this Internal Server Error every time:

HTTP/1.1 500 Internal Server Error
{"timestamp":1.504037781770601E9,"error":"Internal Server Error"}

But, if I give it some other extension, such as .der, .dep, .dex, as tested examples, they POST just fine.

The problem is that when the document is downloaded from the patient chart it will have that extension applied to it.

I can manually upload .doc and .docx files without an issue using the web interface.

Any ideas?  Could somebody check this please?

Thanks,

-Colin

[Denis Malinovskiy]

We do an extra check for security to make sure the file's MIME type matches its contents. In your case, the MIME type returned is "application/octet-stream".  Do you know what Word format version you're using exactly?

--
You received this message because you are subscribed to the Google Groups "drchrono Medical Healthcare API SDK" group.
To unsubscribe from this group and stop receiving emails from it, send an email to drchrono-api...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Denis Malinovskiy

Software Engineer, drchrono

[Colin]

It's a true .docx format with this MIME type: application/vnd.openxmlformats-officedocument.wordprocessingml.document

[Denis Malinovskiy]

Interesting, we have this MIME type for ".docx" file extension.  Are you sure the filename ends with ".docx"?

[Colin]

Definitely .docx.  Maybe I'm messing up sending the MIME type.

That's the only thing I can think of...

[Denis Malinovskiy]

We don't check for the MIME type you're sending to us.

We should return a better return message to you, of course, not HTTP 500.

If you can send a file example without PHI which is producing 500 errors I can troubleshoot it on our end.

[Colin]

Thanks Denis.

Do you mean the actual .docx file or like a Java example?

[Denis Malinovskiy]

The actual .docx file.

[Colin]

Attached.

As I mentioned, if I name it .docs (or anything other than .doc or .docx) it uploads just fine via the API.

[Denis Malinovskiy]

When I'm running "file -i test.docx", it returns me "application/octet-stream".  I tried my own .docx file and got "application/vnd.openxmlformats-officedocument.wordprocessingml.document".  Is there anything unusual in a way you're creating this file?

[Colin]

Thanks Denis!

That was exactly the clue I needed.  The software we're using to generate the .docx file wasn't setting the MIME type properly.

[Denis Malinovskiy]

Cool, I hope it'll help you resolve this issue, Colin.

[Colin]

Hi Denis,

So the library we're using generates the .docx files using a ZipOutputStream.  Of course .docx files are really just zip files but with a slightly different header.

Most .docx files have this header: 50 4B 03 04 14 00 06 00 08

While ZipFiles (and some .docx implementations using ZipOutputStream) have this header: 50 4B 03 04 14 00 08 08 08

This is why file -i is showing the application/octet-stream for those .docx files.

But they're still valid Word .docx files and open fine.

Is there anything we can do to make this work?

Thanks,

-Colin

[Denis Malinovskiy]

I guess we can enable this MIME type for docx files but it's too broad and won't give any real protection against uploading malicious content.  I'm not sure how to resolve it the easy way.

--
You received this message because you are subscribed to the Google Groups "drchrono Medical Healthcare API SDK" group.
To unsubscribe from this group and stop receiving emails from it, send an email to drchrono-api...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Colin]

Do you know what you use to determine the MIME type?  I know on Linux systems we could alter the magic header file to include the additional checks for ZIP headers+ the specific Word XML section.  That would solve both problems.

[Denis Malinovskiy]

We're using a Python wrapper around libmagic library.

[Colin]

Hi Denis,

Quick follow-up.

I was able to modify the local magic file to work with the different format.  I discovered it wasn't the header but the order of one of the XML elements in the Word .docx file that was throwing off the default magic file's entry for the correct MIME type.

So, I made a small change to the open source Java library we're using to generate the Word Docs, ordering the XML element as expected, and it uploads just fine.

Consider this now a non-issue.

Thanks!

-Colin

[Denis Malinovskiy]

Oh, thanks for fixing it, Colin!  It's always a big pleasure when we don't have to do anything... :)

--
You received this message because you are subscribed to the Google Groups "drchrono Medical Healthcare API SDK" group.
To unsubscribe from this group and stop receiving emails from it, send an email to drchrono-api...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.