Secure local server for synchronized online content management system

What is claimed is: 1. A method comprising: receiving, at a local web server on a client device and from a web browser on the client device, a request to access a local content stored on the client device, wherein a client application working in conjunction with the local web server is configured to synchronize the local content with a remote content stored in an online content management system; issuing, by the client application working with the local web server, a challenge for the web browser; receiving a response to the challenge; and when the response is a valid response to the challenge, allowing the web browser to access the local content via the client application working with the local web server. 2. The method of claim 1 wherein receiving the request comprises receiving, by the local web server, the request addressed to a loopback address of the client device. 3. The method of claim 1 , wherein receiving the request comprises establishing a web socket connection between the local web server and the web browser. 4. The method of claim 1 , wherein issuing the challenge comprises creating challenge data on the client device, and wherein receiving the response comprises receiving, by the client application, response data created by the web browser based on the challenge data. 5. The method of claim 4 , wherein at least one of the challenge data or the response data comprises a cryptographic nonce. 6. The method of claim 4 , wherein the challenge data is created by the client application at a location on the client device, the location being accessible only to applications that are running locally on the client device. 7. The method of claim 4 , wherein issuing the challenge further comprises creating a file on the client device, the file comprising the challenge data and instructions for creating the response data based on the challenge data. 8. The method of claim 4 , wherein issuing the challenge further comprises transmitting, by the local web server to the web browser, a location identifier that identifies a location of the challenge data on the client device. 9. The method of claim 4 , wherein the response data is transmitted by the web browser to the client application via at least one of a JavaScript postMessage method, a hypertext markup language iframe, or a pop-up window. 10. The method of claim 1 , further comprising: prior to issuing the challenge, performing a security verification comprising one of (i) validating that the request comes from a correct local user, or (ii) validating that an address associated with the local web server resolves to a loopback address for the client device. 11. The method of claim 1 , wherein data traffic between the local web server and the web browser is doubly encrypted. 12. The method of claim 1 , wherein issuing the challenge comprises: receiving challenge data from the online content management system; and forwarding the challenge data to the web browser. 13. The method of claim 12 , wherein receiving the response comprises: receiving, from the online content management system, a validation of response data, the response data having been created by the web browser based on the challenge data and sent by the web browser to the online content management system. 14. The method of claim 1 , wherein the client device is one of a desktop computer, a mobile computer, a mobile communications device, a smart television, or a set-top box. 15. A client device comprising: a processor; and a computer-readable medium storing instructions which, when executed by the processor, cause the processor to perform operations comprising: transmitting, from a web browser on the client device to a local web server on the client device, a request to access a local content stored on the client device, wherein a client application works in conjunction with the local web server and is configured to synchronize the local content with a remote content stored in an online content management system; receiving, by the web browser, a challenge from the client application working with the local web server; transmitting, by the web browser, a response to the challenge; and upon receiving verification that the response is a valid response to the challenge, accessing the local content by the web browser via the client application working with the local web server. 16. The client device of claim 15 , wherein receiving the challenge comprises: receiving, by the web browser, a location identifier for challenge data created by the client application at a location on the client device, the location being accessible only to applications that are locally running on the client device; and accessing, by the web browser, the challenge data using the location identifier. 17. The client device of claim 16 , wherein transmitting the response comprises: creating response data by the web browser based on the challenge data; and transmitting the response data by the web browser to the client application working with the local web server. 18. The client device of claim 15 , wherein receiving the challenge comprises: receiving, by the web browser, challenge data from the client application, wherein the challenge data is also sent by the client application to the online content management system. 19. The client device of claim 18 , wherein transmitting the response comprises: creating, by the web browser, response data based on the challenge data; and transmitting the response data to the online content management system. 20. The client device of claim 19 , wherein the verification is received from the online content management system when the online content management system determines that the response data is a valid response to the challenge data. 21. The client device of claim 15 , wherein the client device is one of a desktop computer, a mobile computer, a mobile communications device, a smart television, or a set-top box. 22. A non-transitory computer-readable medium storing instructions which, when executed by a processor, cause the processor to perform operations comprising: receiving, at an online content management system from a local web server on a client device, a request to issue challenge data, wherein the local web server is configured to work with a client application to synchronize a local content stored on the client device with a remote content stored in the online content management system, wherein the challenge data is adapted for validating a web browser on the client device for access of the local content; generating the challenge data; transmitting the challenge data to the web browser; receiving response data from the web browser, the response data having been created by the web browser based on the challenge data that the web browser has received from the online content management system; determining whether the response data is a valid response to the challenge data, to yield a validation result; and transmitting the validation result to at least one of the client application or the web browser. 23. The non-transitory computer-readable medium of claim 22 , wherein the client device is one of a desktop computer, a mobile computer, a mobile communications device, a smart television, or a set-top box.