THIS IS ARCHIVED DOCUMENTATION

Ajax Error 500 When Using Special Characters in a Query

Symptoms

When performing a query using special characters in a Coveo-powered search page, your browser console displays an error like the following:

Uncaught (in promise) e {message: "Request Error", status: 500, type: "Ajax Error (status: 500)", name: "Ajax Error (status: 500)"}

Notably, using <, >, or # in a search query renders the search page ineffective, even after clearing the search box.

Cause

ASP.NET validates any incoming request by looking for potentially dangerous characters, such as <, >, and #.

In Hive search pages, the query is then stored in the browser local storage __coveo.analytics.history key. Every subsequent query will use this value as actionsHistory in its call headers. This is why subsequent queries continue to trigger the error, even if the user cleans the search box.

Out-of-the-box Legacy search pages don’t use actionsHistory in their calls, and therefore don’t lock up following a potentially dangerous query.

Resolution

For Sitecore 7 and 8 instances, the issue has been resolved in the March 2020 release of Coveo for Sitecore 4.1.

Workaround

Regardless of the Sitecore version you have, you can disable the special character validation on requests executed under /coveo/rest.

  1. Open the <SITECORE_INSTANCE_ROOT>\Website\web.config file (for Sitecore 7 and 8 instances) or the <SITECORE_INSTANCE_ROOT>\web.config file (for Sitecore 9 instances) in a text editor.
  2. Locate the <system.web> element.

    <system.web>
      <!-- If requestValidationMode attribute of httRuntime node is set to 2.0,
           Sitecore requires this setting to be set to "false" for Sitecore client to work and it shouldn't be changed.
           You can however set ValidateRequest attribute in the @Page directive to "true" for your layout .aspx files.
      -->
    
  3. Just ahead of the <system.web> element, add the <location path="coveo/rest"> element shown below.

    <location path="coveo/rest">
      <system.web>
         <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
      </system.web>
    </location>
    <system.web>
      <!-- If requestValidationMode attribute of httRuntime node is set to 2.0,
           Sitecore requires this setting to be set to "false" for Sitecore client to work and it shouldn't be changed.
           You can however set ValidateRequest attribute in the @Page directive to "true" for your layout .aspx files.
      -->
    
  4. Save your changes.