From f6c983978f8b0e6086e2944193c163ec2e6b27dc Mon Sep 17 00:00:00 2001
From: Konstantin Haase <konstantin.mailinglists@googlemail.com>
Date: Thu, 6 Dec 2012 14:44:00 +0100
Subject: [PATCH] only allow sessionStorage and localStorage

---
 lib/travis/web/set_token.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/travis/web/set_token.rb b/lib/travis/web/set_token.rb
index 7a334bb6..ce999553 100644
--- a/lib/travis/web/set_token.rb
+++ b/lib/travis/web/set_token.rb
@@ -20,7 +20,7 @@ module Travis
         request = Rack::Request.new(env)
         token, user, storage = request.params.values_at('token', 'user', 'storage')
         if token =~ /\A[a-zA-Z\-_\d]+\Z/
-          storage = 'sessionStorage' if storage.to_s.empty?
+          storage = 'sessionStorage' if storage != 'localStorage'
           [storage, token, user, request.fullpath]
         end
       end