diff --git a/client/src/app-components/ticket-event.js b/client/src/app-components/ticket-event.js index 719f417d..c088932f 100644 --- a/client/src/app-components/ticket-event.js +++ b/client/src/app-components/ticket-event.js @@ -223,26 +223,9 @@ class TicketEvent extends React.Component { const fileName = filePath.replace(/^.*[\\\/]/, ''); return ( - {fileName} + {fileName} ) } - - onFileClick(filePath) { - API.call({ - path: '/system/download', - plain: true, - data: { - file: filePath - } - }).then((result) => { - let contentType = 'application/octet-stream'; - let link = document.createElement('a'); - let blob = new Blob([result], {'type': contentType}); - link.href = window.URL.createObjectURL(blob); - link.download = filePath; - link.click(); - }); - } } export default TicketEvent; diff --git a/client/src/app-components/ticket-viewer.js b/client/src/app-components/ticket-viewer.js index c00b875a..ff21c462 100644 --- a/client/src/app-components/ticket-viewer.js +++ b/client/src/app-components/ticket-viewer.js @@ -323,6 +323,7 @@ class TicketViewer extends React.Component { API.call({ path: '/ticket/comment', + dataAsForm: true, data: _.extend({ ticketNumber: this.props.ticket.ticketNumber }, formState) diff --git a/client/src/app/admin/admin-login-page.js b/client/src/app/admin/admin-login-page.js index 9d7f2770..54d38d5d 100644 --- a/client/src/app/admin/admin-login-page.js +++ b/client/src/app/admin/admin-login-page.js @@ -3,6 +3,7 @@ import _ from 'lodash'; import {connect} from 'react-redux'; import i18n from 'lib-app/i18n'; +import API from 'lib-app/api-call'; import SessionActions from 'actions/session-actions'; import Form from 'core-components/form'; @@ -16,7 +17,7 @@ class AdminLoginPage extends React.Component { return (
-
OpenSupports Admin Panel
+
OpenSupports Admin Panel
diff --git a/client/src/app/admin/panel/admin-panel-staff-widget.js b/client/src/app/admin/panel/admin-panel-staff-widget.js index 913f151d..f44a7dc4 100644 --- a/client/src/app/admin/panel/admin-panel-staff-widget.js +++ b/client/src/app/admin/panel/admin-panel-staff-widget.js @@ -3,6 +3,7 @@ import classNames from 'classnames'; import {connect} from 'react-redux'; import i18n from 'lib-app/i18n'; +import API from 'lib-app/api-call'; import Button from 'core-components/button'; import SessionActions from 'actions/session-actions'; @@ -24,7 +25,7 @@ class AdminPanelStaffWidget extends React.Component {
- +
); diff --git a/client/src/app/admin/panel/admin-panel-staff-widget.scss b/client/src/app/admin/panel/admin-panel-staff-widget.scss index 1de336ad..b75184d3 100644 --- a/client/src/app/admin/panel/admin-panel-staff-widget.scss +++ b/client/src/app/admin/panel/admin-panel-staff-widget.scss @@ -8,6 +8,7 @@ text-align: center; &__profile-pic-wrapper { + background-color: white; position: absolute; top: 8px; border: 4px solid $grey; diff --git a/client/src/app/admin/panel/staff/staff-editor.js b/client/src/app/admin/panel/staff/staff-editor.js index a173bc1f..ea4e056d 100644 --- a/client/src/app/admin/panel/staff/staff-editor.js +++ b/client/src/app/admin/panel/staff/staff-editor.js @@ -73,7 +73,7 @@ class StaffEditor extends React.Component { @@ -306,6 +306,7 @@ class StaffEditor extends React.Component { API.call({ path: '/staff/edit', + dataAsForm: true, data: { staffId: this.props.staffId, file: event.target.files[0] diff --git a/client/src/app/admin/panel/staff/staff-editor.scss b/client/src/app/admin/panel/staff/staff-editor.scss index 4b6f8684..6a48b2c3 100644 --- a/client/src/app/admin/panel/staff/staff-editor.scss +++ b/client/src/app/admin/panel/staff/staff-editor.scss @@ -2,6 +2,10 @@ .staff-editor { + &__image-uploader { + opacity: 0; + } + &__card { background-color: $primary-red; position: relative; @@ -11,10 +15,6 @@ border: 2px solid $grey; margin-bottom: 20px; - &__image-uploader { - opacity: 0; - } - &-pic { height: 100%; position: absolute; @@ -45,7 +45,7 @@ &-wrapper { transition: opacity 0.2s ease; - background-color: $grey; + background-color: white; position: absolute; top: 20px; border: 4px solid $grey; diff --git a/client/src/app/main/dashboard/dashboard-create-ticket/create-ticket-form.js b/client/src/app/main/dashboard/dashboard-create-ticket/create-ticket-form.js index 1ce083b3..0e927776 100644 --- a/client/src/app/main/dashboard/dashboard-create-ticket/create-ticket-form.js 
+++ b/client/src/app/main/dashboard/dashboard-create-ticket/create-ticket-form.js
@@ -119,6 +119,7 @@ class CreateTicketForm extends React.Component {
 API.call({
 path: '/ticket/create',
+ dataAsForm: true,
 data: _.extend({}, formState, {
 captcha: captcha && captcha.getValue(),
 departmentId: SessionStore.getDepartments()[formState.departmentIndex].id
diff --git a/client/src/lib-app/api-call.js b/client/src/lib-app/api-call.js
index 032c5bc0..2979e9b9 100644
--- a/client/src/lib-app/api-call.js
+++ b/client/src/lib-app/api-call.js
@@ -2,19 +2,35 @@ const _ = require('lodash');
 const APIUtils = require('lib-core/APIUtils');
 const SessionStore = require('lib-app/session-store');
-const root = 'http://localhost:3000/api';
+const url = 'http://localhost:3000';
+const apiUrl = 'http://localhost:3000/api';
-function processData (data) {
- return _.extend({
- csrf_token: SessionStore.getSessionData().token,
- csrf_userid: SessionStore.getSessionData().userId
- }, data);
+function processData (data, dataAsForm = false) {
+ let newData;
+
+ if(dataAsForm) {
+ newData = new FormData();
+
+ _.each(data, (value, key) => {
+ newData.append(key, value);
+ });
+
+ newData.append('csrf_token', SessionStore.getSessionData().token);
+ newData.append('csrf_userid', SessionStore.getSessionData().userId);
+ } else {
+ newData = _.extend({
+ csrf_token: SessionStore.getSessionData().token,
+ csrf_userid: SessionStore.getSessionData().userId
+ }, data)
+ }
+
+ return newData;
 }
 module.exports = {
- call: function ({path, data, plain}) {
+ call: function ({path, data, plain, dataAsForm}) {
 return new Promise(function (resolve, reject) {
- APIUtils.post(root + path, processData(data))
+ APIUtils.post(apiUrl + path, processData(data, dataAsForm), dataAsForm)
 .then(function (result) {
 console.log(result);
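Review bot: In the `dataAsForm` branch of `processData`, `_.each(data, …)` appends every value as-is, and `FormData.append` turns `undefined` and `null` into the literal strings "undefined" and "null". This commit's own callers can produce that: `captcha: captcha && captcha.getValue()` in create-ticket-form.js and `file: event.target.files[0]` in staff-editor.js can both be nullish, so the server would receive a string where it expects a missing field. Skip such entries, e.g. `if (value != null) { newData.append(key, value); }`. Separately, the two base URLs repeat the same hard-coded `http://` origin; `const apiUrl = url + '/api';` keeps them in step, and since `csrf_token` travels with every call the origin is better taken from deployment configuration (HTTPS) than from a literal. The body of `call` continues past the end of this hunk.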
@@ -33,5 +49,17 @@ module.exports = {
 });
 });
 });
+ },
+
+ getFileLink(filePath) {
+ return apiUrl + '/system/download?file=' + filePath;
+ },
+
+ getAPIUrl() {
+ return apiUrl;
+ },
+
+ getURL() {
+ return url;
 }
 };
\ No newline at end of file
diff --git a/client/src/lib-core/APIUtils.js b/client/src/lib-core/APIUtils.js
index 65b52ae6..e655deb4 100644
--- a/client/src/lib-core/APIUtils.js
+++ b/client/src/lib-core/APIUtils.js
@@ -3,15 +3,25 @@ const $ = require('jquery');
 const APIUtils = {
- getPromise(path, method, data) {
+ getPromise(path, method, data, dataAsForm) {
 return (resolve, reject) => {
- $.ajax({
+ let options = {
 url: path,
 method: method,
- data: data,
- processData: false,
- contentType: false
- })
+ data: data
+ };
+
+ if(dataAsForm) {
+ options = {
+ url: path,
+ type: method,
+ data: data,
+ processData: false,
+ contentType: false
+ };
+ }
+
+ $.ajax(options)
 .done(resolve)
 .fail((jqXHR, textStatus) => {
 reject(textStatus);
@@ -23,8 +33,8 @@ const APIUtils = {
 return new Promise(this.getPromise(path, 'GET'));
 },
- post(path, data) {
- return new Promise(this.getPromise(path, 'POST', data));
+ post(path, data, dataAsForm) {
+ return new Promise(this.getPromise(path, 'POST', data, dataAsForm));
 },
 patch(path, data) {
diff --git a/server/controllers/staff/edit.php b/server/controllers/staff/edit.php
index 05c0b1af..6bc3f7e1 100644
--- a/server/controllers/staff/edit.php
+++ b/server/controllers/staff/edit.php
@@ -57,8 +57,7 @@ class EditStaffController extends Controller {
 $this->staffInstance->sharedDepartmentList = $this->getDepartmentList();
 }
- if(Controller::request('file')) {
- $fileUploader = $this->uploadFile();
+ if($fileUploader = $this->uploadFile()) {
 $this->staffInstance->profilePic = ($fileUploader instanceof FileUploader) ? $fileUploader->getFileName() : null;
 }
diff --git a/server/controllers/system/download.php b/server/controllers/system/download.php
index b0b8e639..756fd56e 100644
--- a/server/controllers/system/download.php
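Review bot: `getFileLink` splices `filePath` into the query string unencoded, so a name containing `&`, `#`, `%` or a space produces a malformed URL or an extra parameter; use `return apiUrl + '/system/download?file=' + encodeURIComponent(filePath);`. The server-side validator in download.php accepts only alphanumerics plus `_.-`, which limits the effect, but the client should not depend on that. Replacing the token-carrying POST with a bare GET link also means the download appears to be authorised by the session cookie alone, which deserves a one-line comment above the method.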
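Review bot: The two `options` literals in `getPromise` repeat `url` and `data` and name the HTTP verb differently (`method` in the default branch, `type` in the form branch), which invites the branches drifting apart. Build the object once and add only what differs: `const options = {url: path, method: method, data: data};` followed by `if (dataAsForm) { options.processData = false; options.contentType = false; }`. The pre-change code already passed `method`, so keeping that key in both branches matches what was working before. Only `post` forwards `dataAsForm`; `get` does not, and `patch` (body outside the hunk) presumably does not either, which is worth a short comment if intentional.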
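Review bot: `if($fileUploader = $this->uploadFile())` hides an assignment inside the condition and now runs the upload path on every edit request; the `instanceof FileUploader` ternary on the next line shows that a truthy non-uploader result is possible, and in that case `profilePic` is overwritten with `null`. If a failed upload should leave the current picture in place, assign first and test the type directly: `$fileUploader = $this->uploadFile();` then `if($fileUploader instanceof FileUploader) {`. Because download.php in this commit serves profile pictures without a login, `uploadFile()` (not visible here) should also be confirmed to restrict uploads to image types and a sane size.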
+++ b/server/controllers/system/download.php
@@ -8,7 +8,7 @@ class DownloadController extends Controller {
 public function validations() {
 return [
- 'permission' => 'user',
+ 'permission' => 'any',
 'requestData' => [
 'file' => [
 'validation' => DataValidator::alnum('_.-')->noWhitespace(),
@@ -20,23 +20,32 @@ class DownloadController extends Controller {
 public function handler() {
 $fileName = Controller::request('file');
+ $staffUser = Staff::getDataStore($fileName, 'profilePic');
- $loggedUser = Controller::getLoggedUser();
- $ticket = Ticket::getTicket($fileName, 'file');
+ if($staffUser->isNull()) {
+ $loggedUser = Controller::getLoggedUser();
- if($ticket->isNull() || ($this->isNotAuthor($ticket, $loggedUser) && $this->isNotOwner($ticket, $loggedUser))) {
- $ticketEvent = Ticketevent::getDataStore($fileName, 'file');
-
- if($ticketEvent->isNull()) {
+ if($loggedUser->isNull()) {
 print '';
 return;
 }
- $ticket = $ticketEvent->ticket;
+ $ticket = Ticket::getTicket($fileName, 'file');
- if($this->isNotAuthor($ticket, $loggedUser) && $this->isNotOwner($ticket, $loggedUser)) {
- print '';
- return;
+ if($ticket->isNull() || ($this->isNotAuthor($ticket, $loggedUser) && $this->isNotOwner($ticket, $loggedUser))) {
+ $ticketEvent = Ticketevent::getDataStore($fileName, 'file');
+
+ if($ticketEvent->isNull()) {
+ print '';
+ return;
+ }
+
+ $ticket = $ticketEvent->ticket;
+
+ if($this->isNotAuthor($ticket, $loggedUser) && $this->isNotOwner($ticket, $loggedUser)) {
+ print '';
+ return;
+ }
 }
 }
diff --git a/server/controllers/system/init-settings.php b/server/controllers/system/init-settings.php
index a3bfdf65..8ac8314b 100644
--- a/server/controllers/system/init-settings.php
+++ b/server/controllers/system/init-settings.php
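Review bot: The `profilePic` lookup at the top of `handler()` is now the only gate between an anonymous request and the file, because the first hunk of this file changes `validations()` to `'permission' => 'any'`: a name that matches any staff `profilePic` value skips the login and ownership checks entirely. That is safe only if a profile picture and a ticket attachment can never share a stored name, which this diff does not show; separate directories or name prefixes would make it hold by construction. State the intent in the code, e.g. `// Staff profile pictures are intentionally public; every other file requires a logged-in author or owner.` The denial paths still `print ''` and return, apparently with a success status, so an explicit 403/404 would make refused requests distinguishable in logs. `handler()` continues below the end of the hunk.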
@@ -116,7 +116,7 @@ class InitSettingsController extends Controller {
 'name' => 'Emilia Clarke',
 'email' => 'staff@opensupports.com',
 'password' => Hashing::hashPassword('staff'),
- 'profilePic' => 'http://www.opensupports.com/profilepic.jpg',
+ 'profilePic' => '',
 'level' => 3,
 'sharedDepartmentList' => Department::getAll(),
 'sharedTicketList' => []
diff --git a/server/libs/Controller.php b/server/libs/Controller.php
index 95ca49ed..3fe2db45 100644
--- a/server/libs/Controller.php
+++ b/server/libs/Controller.php
@@ -33,10 +33,10 @@ abstract class Controller {
 self::$dataRequester = function ($key) {
 $app = self::getAppInstance();
- $value = $app->request()->post($key);
-
- if(!$value) {
+ if (Controller::getAppInstance()->request()->isGet()) {
 $value = $app->request()->get($key);
+ } else {
+ $value = $app->request()->post($key);
 }
 return $value;
@@ -55,9 +55,9 @@ abstract class Controller {
 $session = Session::getInstance();
 if ($session->isStaffLogged()) {
- return Staff::getUser((int)self::request('csrf_userid'));
+ return Staff::getUser($session->getUserId());
 } else {
- return User::getUser((int)self::request('csrf_userid'));
+ return User::getUser($session->getUserId());
 }
 }
diff --git a/server/models/Response.php b/server/models/Response.php
index bd20c480..0220a225 100644
--- a/server/models/Response.php
+++ b/server/models/Response.php
@@ -9,8 +9,9 @@ class Response {
 );
 $app = \Slim\Slim::getInstance();
- $app->response()->setBody(json_encode($response));
- $app->response()->finalize();
+ $app->response->headers->set('Content-Type', 'application/json');
+ $app->response->setBody(json_encode($response));
+ $app->response->finalize();
 }
 public static function respondSuccess($data = null) {
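Review bot: The new condition in the `$dataRequester` closure calls `Controller::getAppInstance()` again although `$app` was assigned on the line above; `if ($app->request()->isGet()) {` reads better and matches the two branches that follow. With this change a GET request takes every field from the query string, and that would include `csrf_token` if the permission check reads it through `Controller::request()` (not visible in this hunk), putting the token into server logs, browser history and Referer headers. A comment on the closure stating that GET endpoints must not require the token would make that constraint explicit.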
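Review bot: `getLoggedUser()` now takes the id from the session instead of the client-supplied `csrf_userid`, but nothing in the method says what it returns when nobody is logged in: `$session->getUserId()` presumably yields null and that is passed straight to `User::getUser()`. download.php in this commit relies on the result answering `isNull()`, so the contract should be written down once confirmed against `getUser()`, e.g. a docblock line `@return Staff|User user bound to the current session; a null data store when the session is anonymous`. The removed `(int)` cast also means the id now has whatever type the session stored.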
@@ -20,7 +21,8 @@ class Response {
 );
 $app = \Slim\Slim::getInstance();
- $app->response()->setBody(json_encode($response));
- $app->response()->finalize();
+ $app->response->headers->set('Content-Type', 'application/json');
+ $app->response->setBody(json_encode($response));
+ $app->response->finalize();
 }
 }
diff --git a/server/models/Session.php b/server/models/Session.php
index eceb9c13..bd5e987e 100644
--- a/server/models/Session.php
+++ b/server/models/Session.php
@@ -39,6 +39,10 @@ class Session {
 return $this->getStoredData('ticketNumber');
 }
+ public function getUserId() {
+ return $this->getStoredData('userId');
+ }
+
 public function getToken() {
 return $this->getStoredData('token');
 }