From 1acbbe50576cc0fe0080fcc96bc98e5a93aefddc Mon Sep 17 00:00:00 2001
From: Carson Gross <carson@bigsky.software>
Date: Fri, 4 Aug 2023 14:59:10 -0600
Subject: [PATCH] add test to ensure I don't screw up the `sameHost` value

---
 test/core/security.js | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/test/core/security.js b/test/core/security.js
index ad46a6be..b19e3f76 100644
--- a/test/core/security.js
+++ b/test/core/security.js
@@ -142,7 +142,25 @@ describe("security options", function() {
             htmx.off("htmx:validateUrl", pathVerifier);
         })
         var listener = htmx.on("htmx:invalidPath", function (){
-            htmx.config.selfRequestsOnly = false;
+            htmx.off("htmx:invalidPath", listener);
+            done();
+        })
+        this.server.restore(); // use real xhrs
+        // will 404, but should respond
+        var btn = make('<button hx-get="https://hypermedia.systems/www/test">Initial</button>')
+        btn.click();
+    })
+
+    it("can cancel egress request based on htmx:validateUrl event, sameHost is false", function(done){
+        htmx.logAll()
+        // should trigger send error, rather than reject
+        var pathVerifier = htmx.on("htmx:validateUrl", function (evt){
+            if (evt.detail.sameHost === false) {
+                evt.preventDefault();
+            }
+            htmx.off("htmx:validateUrl", pathVerifier);
+        })
+        var listener = htmx.on("htmx:invalidPath", function (){
             htmx.off("htmx:invalidPath", listener);
             done();
         })