CODEWITHSUNDEEP
javascriptjqueryajax
Maqbool Ahmad
Maqbool Ahmad

Reputation: 61

Using following Javascript (Ajax) code, working fine on http but not working on https

I am using the below code for redirection, if the user's country is not India then redirect it else keep on the same page

<script src="https://code.jquery.com/jquery-1.9.1.min.js"></script>
   <script type="text/javascript">
   
    function preloadFunc()
    {
        $.ajax('http://ip-api.com/json')
  .then(
      function success(response) {
        if(response.country!="India")
        {window.location.replace("https://www.google.com/");}
    }
    window.onpaint = preloadFunc();
</script>

Upvotes: 1

Views: 357

Answers (3)

kiranvj
kiranvj

Reputation: 34147

That endpoint dont support https Hit directly and check

enter image description here

Upvotes: 1

A Haworth
A Haworth

Reputation: 36664

What happens when you try to do the http call from an https initiated site:

jquery-1.9.1.min.js:5 Mixed Content: The page at 'https://******' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://ip-api.com/json'. This request has been blocked; the content must be served over HTTPS.

If you try to use https for this call you get:

jquery-1.9.1.min.js:5 GET https://ip-api.com/json 403 (Forbidden)

and if you try https://ip-api.com/json direct in your browser you get

{"status":"fail","message":"SSL unavailable for this endpoint, order a key at https://members.ip-api.com/"}

Incidentally, you also have two JS syntax errors in your code. Here is a corrected version (not that it helps in getting the ip stuff returned over https I'm afraid).

<script src="https://code.jquery.com/jquery-1.9.1.min.js"></script>
<script type="text/javascript">
   
  function preloadFunc()
    {
      $.ajax('https://ip-api.com/json')
        .then(
      function success(response) {console.log(response);
        if(response.country!="India") {
          window.location.replace("https://www.google.com/");
        }
      })
    }
    window.onpaint = preloadFunc();
</script>

Upvotes: 1

Charlie
Charlie

Reputation: 23858

There are two problems:

  1. You cannot make an ajax request using a non-secure method (http) when your page is loaded using a secure method (https). So,if your page is loaded using https, make ajax calls only via https

  2. When doing that, the other problem that occurs is with the security violation that happens when you use window.location.replace. The replace method rewrites the current page history in the browser and redirects the page. But the limitation is that the origin of the destination should be as same as where the page is served.

Use one of the following methods to redirect if you want to navigate away from the current origin.

window.location = 'https://www.google.com'

window.location.href = 'https:..www.google.com'

Upvotes: 1

Related Questions