Ajax Error 500 When Using Special Characters in a Query
Ajax Error 500 When Using Special Characters in a Query
Symptoms
When performing a query using special characters in a Coveo-powered search page, your browser console displays an error like the following:
Uncaught (in promise) e {message: "Request Error", status: 500, type: "Ajax Error (status: 500)", name: "Ajax Error (status: 500)"}
Notably, using <
, >
, or #
in a search query renders the search page ineffective, even after clearing the search box.
Cause
ASP.NET validates any incoming request by looking for potentially dangerous characters, such as <
, >
, and #
.
In Hive search pages, the query is then stored in the browser local storage __coveo.analytics.history
key. Every subsequent query will use this value as actionsHistory
in its call headers. This is why subsequent queries continue to trigger the error, even if the user cleans the search box.
Out-of-the-box Legacy search pages don’t use actionsHistory
in their calls, and therefore don’t lock up following a potentially dangerous query.
Resolution
For Sitecore 7 and 8 instances, the issue has been resolved in the March 2020 release of Coveo for Sitecore 4.1.
Workaround
Regardless of the Sitecore version you have, you can disable the special character validation on requests executed under /coveo/rest
.
- Open the
<SITECORE_INSTANCE_ROOT>\Website\web.config
file (for Sitecore 7 and 8 instances) or the<SITECORE_INSTANCE_ROOT>\web.config
file (for Sitecore 9 instances) in a text editor. -
Locate the
<system.web>
element.<system.web> <!-- If requestValidationMode attribute of httRuntime node is set to 2.0, Sitecore requires this setting to be set to "false" for Sitecore client to work and it shouldn't be changed. You can however set ValidateRequest attribute in the @Page directive to "true" for your layout .aspx files. -->
-
Just ahead of the
<system.web>
element, add the<location path="coveo/rest">
element shown below.<location path="coveo/rest"> <system.web> <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" /> </system.web> </location> <system.web> <!-- If requestValidationMode attribute of httRuntime node is set to 2.0, Sitecore requires this setting to be set to "false" for Sitecore client to work and it shouldn't be changed. You can however set ValidateRequest attribute in the @Page directive to "true" for your layout .aspx files. -->
- Save your changes.