Is it possible to have IIS require SSL and redirect HTTP at the same time?

I have 2 file upload in my form, i.e. Formik form with initialValues which is this

  const initialValues = {
    coverPhoto: this.props.response.response.coverPhoto
      ? this.props.response.response.coverPhoto
      : {},
    photo: this.props.response.response.photo
      ? this.props.response.response.photo
      : {}
  };

and the form

<Formik initialValues={initialValues}  onSubmit={fields => { this.props.onUpdateMyProfile(fields); }>
....
<input type="file" className="custom-file-input" id="photo" name="photo" accept="image/*" onChange={event => setFieldValue( "photo", event.currentTarget.files[0])}/>
<input type="file" className="custom-file-input" id="coverPhoto" name="coverPhoto" accept="image/*" onChange={event =>"coverPhoto", setFieldValue(event.target.files[0])} />

but when I submit the form it is getting me {} an empty object instead of the File Object, but when I console it out, I get the whole Object, along with the image object.

aboutYourself: "e4 e5 c4"
coverPhoto: ""
firstName: "Yash"
lastName: "Karanke"
photo: File
lastModified: 1605275591390
lastModifiedDate: Fri Nov 13 2020 19:23:11 GMT+0530 (India Standard Time) {}
name: "pngtree-abstract-background-image_88872.jpg"
size: 636889
type: "image/jpeg"
webkitRelativePath: ""
__proto__: File
slug: "yash-karanke"

. How do I resolve it?

Thanks. If we have Require SSL this default page cannot be reached right? So this display page would be a temporary one for some time before the full switch. I guess there is no way around it?

could you look at my answer?

Yes, that's exactly right.

EvilDr, could you look at my answer and comment on if this is secure?

In terms of secure, what is the content you are trying to protect? You should not redirect to SSL on the client side because apparently it is susceptible to man-in-the-middle attacks. The user should have to click a link manually to switch to the SSL-based site, so I wouldn't use JavaScript if possible.

To be honest I'd be tempted to email your HTTP users and tell them, as some might not be logging in frequently anyway. Then, once its HTTPS only, you'll soon find out where the gaps are!

As above, JS redirects aren't recommended due to man-in-the-middle attacks and spoofed redirect pages. I can't find the link to prove this as I read it ages ago, but a link the user has to click on to get to HTTPS is better.

Yes, I have added that and it is still not working

still i can see 1 param event =>"photo", setFieldValue(event.target.files[0]

oh, I edited the question with an incorrect code.

Since when attacks are coming from browsers? "...still responds without SSL...", what kind of response?

@g.pickardou Man in the middle means that there's a device between the PC or browser and the server. Not the browser itself. A device could send the user trying to go to "bankly.com" to their own site ("bank1y.com") that looks the same, which allows them to trick the user into giving them info intended for the first site (login info or worse).