From bc56c35800dd289bcd7e04771517f500c02c543a Mon Sep 17 00:00:00 2001
From: Nikolai Onken <nikolai@c9.io>
Date: Thu, 20 Aug 2015 13:56:38 +0000
Subject: [PATCH] Fix signout for IDE

---
 .../connect-architect/connect.cors/cors.js        | 15 ++++++++++++++-
 plugins/c9.core/http-xhr.js                       |  4 ++++
 plugins/c9.ide.auth/auth.js                       |  3 ++-
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/node_modules/connect-architect/connect.cors/cors.js b/node_modules/connect-architect/connect.cors/cors.js
index 9f306f85..ccdb892d 100644
--- a/node_modules/connect-architect/connect.cors/cors.js
+++ b/node_modules/connect-architect/connect.cors/cors.js
@@ -11,6 +11,7 @@ module.exports = function(options, imports, register) {
 function cors(origin, options) {
     return function(req, res, next) {
         options = options || {};
+        var whitelist = options.whitelist || [];
         var writeHead = res.writeHead;
 
         res.writeHead = function(status, headers) {
@@ -20,6 +21,18 @@ function cors(origin, options) {
                 if (key.toLowerCase().indexOf("access-control") === 0)
                     delete(headers[key]);
 
+            if (req.headers.origin) {
+                var hasHostName = whitelist.some(function(hostname) {
+                    return req.headers.origin.match(new RegExp(hostname.replace(".", "\\.") + "$"));
+                });
+                
+                if (whitelist.length && !hasHostName)
+                    return writeHead.call(res, status, headers);
+                    
+                if (hasHostName)
+                    origin = req.headers.origin;
+            }
+                
             headers["Access-Control-Allow-Origin"] = origin;
             headers["Access-Control-Allow-Methods"] = options.methods || "GET, OPTIONS";
             if (options.headers)
@@ -38,7 +51,7 @@ function cors(origin, options) {
             res.end();
             return;
         }
-
+    
         next();
     };
 }
\ No newline at end of file
diff --git a/plugins/c9.core/http-xhr.js b/plugins/c9.core/http-xhr.js
index 156d570a..2d79d209 100644
--- a/plugins/c9.core/http-xhr.js
+++ b/plugins/c9.core/http-xhr.js
@@ -78,6 +78,10 @@ define(function(require, module, exports) {
                 }
             }
             
+            if (options.withCredentials) {
+                xhr.withCredentials = true;
+            }
+            
             var timer;
             var timedout = false;
             if (timeout) {
diff --git a/plugins/c9.ide.auth/auth.js b/plugins/c9.ide.auth/auth.js
index 54fd2633..0b88d862 100644
--- a/plugins/c9.ide.auth/auth.js
+++ b/plugins/c9.ide.auth/auth.js
@@ -113,7 +113,8 @@ define(function(require, exports, module) {
 
             http.request("/_auth/logout", function(err1) {
                 http.request(ideBaseUrl + "/auth/signout", {
-                    method: "POST"
+                    method: "POST",
+                    withCredentials: true
                 }, function(err2) {
                     loggedIn = false;
                     emit("logout", {uid: uid, newUid: ANONYMOUS});