HTTPS will be enforced across all Bold360ai web application touchpoints going forward and HTTP-only widget configurations will no longer be supported as of December 31, 2021.
Access to the Genesys DX AI management (*.nanorep.co) will only be accessible through HTTPS.
Why is this happening?
Encrypted communication is essential for safe transmission of data between the web server and browsers. Unlike HTTP, HTTPS establishes a secure connection by encrypting data.
If an application does not use HTTPS, it is vulnerable to information disclosure and MITM attacks which attempt to strip encryption between the server and the client.
Changes in the Bold360ai
After the change is introduced to the servers, you can only reach the servers through HTTPS. Servers are going to deny ALL HTTP requests.
Required actions
Bold360ai admin site |
If admins try to reach the site through HTTP, the server denies access. |
Deployed widgets |
Widgets use the protocol of the site visitor, so if the widget does not enforce HTTPS communication, the widget appears broken to the visitor. Note: The change does not affect widgets with enforced HTTPS configuration. |
API endpoint calls |
API calls where the protocol is HTTP get a deny response from the server. |