Ajax error 500 when using special characters in a query

This is for:

In this article

Symptoms
Cause

Symptoms

When performing a query using special characters in a Coveo-powered search page, your browser console displays an error like the following:

Uncaught (in promise) e {message: "Request Error", status: 500, type: "Ajax Error (status: 500)", name: "Ajax Error (status: 500)"}

Notably, using <, >, or # in a search query renders the search page ineffective, even after clearing the search box.

Cause

ASP.NET validates any incoming request by looking for potentially dangerous characters, such as <, >, and #. The query is then stored in the browser local storage __coveo.analytics.history key. Every subsequent query will use this value as actionsHistory in its call headers. This is why subsequent queries can continue to trigger the error, even if the user cleans the search box.

Workaround

You can disable the special character validation on requests executed under /coveo/rest.

Open the <SITECORE_INSTANCE_ROOT>\web.config file in a text editor.

Locate the <system.web> element.

<system.web>
  <!-- If requestValidationMode attribute of httRuntime node is set to 2.0,
       Sitecore requires this setting to be set to "false" for Sitecore client to work and it shouldn't be changed.
       You can however set ValidateRequest attribute in the @Page directive to "true" for your layout .aspx files.
  -->

Just ahead of the <system.web> element, add the <location path="coveo/rest"> element shown below.

<location path="coveo/rest">
  <system.web>
     <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
  </system.web>
</location>
<system.web>
  <!-- If requestValidationMode attribute of httRuntime node is set to 2.0,
       Sitecore requires this setting to be set to "false" for Sitecore client to work and it shouldn't be changed.
       You can however set ValidateRequest attribute in the @Page directive to "true" for your layout .aspx files.
  -->

Save your changes.