[dom_distiller] Fix viewer to use Open Sans webfont.

components/dom_distiller/content/dom_distiller_viewer_source.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/dom_distiller/content/dom_distiller_viewer_source.h"
 
 #include <sstream>
 #include <string>
 #include <vector>
 
@@ skipping 311 matching lines @@
 }
 
 // TODO(nyquist): Start tracking requests using this method.
 void DomDistillerViewerSource::WillServiceRequest(
     const net::URLRequest* request,
     std::string* path) const {
 }
 
 std::string DomDistillerViewerSource::GetContentSecurityPolicyObjectSrc()
     const {
-  return "object-src 'none'; style-src 'self';";
+  return "object-src 'none'; style-src 'self' http://fonts.googleapis.com;";

[nyquist, 2014/08/07 04:50:46]

drive-by: I know the documentation seem to specify http://, but it seems like
https works as well. WDYT about using that instead?

[Yaron, 2014/08/07 05:03:36]

I thought about it, but I honestly don't know how much there is to gain. I
assume the serving on https is to avoid have insecure warning if your page is
https but otherwise is unnecessary. 

[cjhopman, 2014/08/08 18:48:20]

Using http allows a mitm to inject style into the page. I'd say use https for
everything unless it's not possible.

 }
 
 }  // namespace dom_distiller