skip to Main Content

I am using the below code for redirection, if the user’s country is not India then redirect it else keep on the same page

<script src="https://code.jquery.com/jquery-1.9.1.min.js"></script>
   <script type="text/javascript">
   
    function preloadFunc()
    {
        $.ajax('http://ip-api.com/json')
  .then(
      function success(response) {
        if(response.country!="India")
        {window.location.replace("https://www.google.com/");}
    }
    window.onpaint = preloadFunc();
</script>

3

Answers


  1. What happens when you try to do the http call from an https initiated site:

    jquery-1.9.1.min.js:5 Mixed Content: The page at ‘https://******’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://ip-api.com/json’. This request has been blocked; the content must be served over HTTPS.

    If you try to use https for this call you get:

    jquery-1.9.1.min.js:5 GET https://ip-api.com/json 403 (Forbidden)

    and if you try https://ip-api.com/json direct in your browser you get

    {"status":"fail","message":"SSL unavailable for this endpoint, order a key at https://members.ip-api.com/"}
    

    Incidentally, you also have two JS syntax errors in your code. Here is a corrected version (not that it helps in getting the ip stuff returned over https I’m afraid).

    <script src="https://code.jquery.com/jquery-1.9.1.min.js"></script>
    <script type="text/javascript">
       
      function preloadFunc()
        {
          $.ajax('https://ip-api.com/json')
            .then(
          function success(response) {console.log(response);
            if(response.country!="India") {
              window.location.replace("https://www.google.com/");
            }
          })
        }
        window.onpaint = preloadFunc();
    </script>
    
    Login or Signup to reply.
  2. There are two problems:

    1. You cannot make an ajax request using a non-secure method (http) when your page is loaded using a secure method (https). So,if your page is loaded using https, make ajax calls only via https

    2. When doing that, the other problem that occurs is with the security violation that happens when you use window.location.replace. The replace method rewrites the current page history in the browser and redirects the page. But the limitation is that the origin of the destination should be as same as where the page is served.

    Use one of the following methods to redirect if you want to navigate away from the current origin.

    window.location = 'https://www.google.com'
    
    window.location.href = 'https:..www.google.com'
    
    Login or Signup to reply.
  3. That endpoint dont support https Hit directly and check

    enter image description here

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search