Critical Update: Safer Conditional Pipeline Routing
This critical update was introduced in the October 21, 2020 platform update and was applied to all Coveo organizations on January 7, 2021.
When an organization has multiple query pipelines, we recommend using the
searchHub-based conditional routing strategy.
In this scenario, the search token contains a
searchHub parameter, and each query pipeline except the default one has a distinct condition based on a specific
searchHub value (e.g., Search Hub is Community Search, Search Hub is Agent Panel, etc.). Thus, search requests are routed according to the search interface from which they originate.
Prior to this critical update, it was possible to bypass this whole routing mechanism by setting the
pipeline query parameter directly in the search request.
What Did This Update Cause?
When a search request is authenticated with a search token that enforces a
searchHub value, if the target organization contains a query pipeline whose condition is based on that same
searchHub value, the search request is now be routed to that pipeline, even if the
pipeline parameter is set to another pipeline in the search request.
In other words, it’s no longer be possible to override a well-implemented
searchHub-based conditional pipeline routing strategy by passing a
pipeline parameter in the search request.
What Must I Do to Comply With This Update?
In the majority of cases, this critical update causes no issues.
Still, we recommend that you do the following validations:
Step 1: Search for Pipelines With
You should validate if any pipelines in your organization have a condition based on a
searchHub value. If that’s not the case, this critical update won’t cause any issues in your solution.
- In the administration console, select Search > Query pipeline.
- In the table, search for query pipelines that have a
searchHub-based condition (e.g.,
Search Hub is MySearchHub).
Step 2: Validate Your Public Search Interfaces
If you have found at least one query pipeline with a
searchHub-based condition in the previous step, you should validate if any of your public Coveo-powered search interfaces are setting the
pipeline query parameter.
Here is a non-exhaustive list of potential search interfaces in a typical Coveo-powered solution:
- Standalone search boxes
- Search pages
- Recommendation interfaces
- Case deflection panels
- Insight panels
- Listing pages
If you’re using Coveo Cloud hosted search pages, you don’t have to test those.
To test whether a given search interface is setting the
pipeline query parameter:
In your browser, open your developer tools and select the Network tab.
Access the search interface you want to test.
Trigger a search request from the search interface. If the search interface has an input that can provide query suggestions (e.g., a search box), you should test both query and query suggestion requests.
In your browser tools, search for a POST request made against a Coveo search endpoint (e.g., you can use a filter such as
Look for the
pipelineparameter in the request URL (e.g.,
https://platform.cloud.coveo.com/rest/search/v2?pipeline=MyPipeline) and in its form data (e.g.,
If the search interface is setting the
pipeline parameter in its request URL, form data, or both, you must then validate if the search interface is authenticating its requests with a search token, and if so, whether that search token is setting the
In the request headers, search for the
If the token has the following form:
xx********-****-****-****-************, the search interface isn’t using search token authentication and won’t be causing any issues. You can test another search interface in your solution.
Otherwise, copy the entire token to your clipboard, access the jwt.io web site, and paste the token in the Encoded box.
In the decoded payload, search for the
pipeline parameter is in the search token, the search page won’t cause any issues. You can test another search interface in your solution.
However, if the
pipeline parameter isn’t set, and the
searchHub parameter is in the token, you must validate if any query pipeline in your organization has a condition based on that
searchHub value. If that’s the case, after applying the critical update, search requests sent from that search interface will be routed to that query pipeline instead of the one specified by the
pipeline parameter enforced through the search interface. This may change the behavior of your search interface in an undesired way, so you should make the necessary adjustments. You can make those adjustments on your own, and contact Coveo Support for guidance.
- What’s a Query Pipeline?
- Selecting Your Query Pipeline Routing Mechanism
- Search Token Authentication
- Enforcing the Search Hub in the Search Token