Feature Requests
Share ideas, discuss and vote on requests from other users in community
 
This object is in archive! 

Allow attachments to be served over SSL

hostdark shared this idea 4 years ago
Under Consideration

Currently if you have a website with HSTS or strict SSL security, attachments will become corrupt when you attempt to view them and end your administrative session.

WHMCS: "Attachments are not served over HTTPS connections at this time."

Not only is SSL more secure for transferring traffic, but disabling SSL is more complex than WHMCS allowing attachments to be served over SSL. HSTS does not allow your website to be served over http protocol for a certain amount of time (6 months usually) so to disable SSL to view attachments is illogical and can cause a major headache. If this was simply allowed to be served over HTTPS, this would be a lot more secure, simpler, and easier on administration and clients alike.

Comments (1)

photo
1

One of the problems was historically serving file downloads over SSL using PHP passthru methods was incompatible with some browsers. Nowadays that's likely not sure a big issue, but that's the reasoning behind this being the way it is.