[dom_distiller] Fix viewer to use Open Sans webfont.

components/dom_distiller/content/dom_distiller_viewer_source.cc

Index: components/dom_distiller/content/dom_distiller_viewer_source.cc
diff --git a/components/dom_distiller/content/dom_distiller_viewer_source.cc b/components/dom_distiller/content/dom_distiller_viewer_source.cc
index 964794e7e40da536a2869a2cb3cba6a95d7cdfb9..fef98cfdace3f68ec98796eda88e0e8881977e2a 100644
--- a/components/dom_distiller/content/dom_distiller_viewer_source.cc
+++ b/components/dom_distiller/content/dom_distiller_viewer_source.cc
@@ -329,7 +329,7 @@ void DomDistillerViewerSource::WillServiceRequest(
 
 std::string DomDistillerViewerSource::GetContentSecurityPolicyObjectSrc()
     const {
-  return "object-src 'none'; style-src 'self';";
+  return "object-src 'none'; style-src 'self' http://fonts.googleapis.com;";

[nyquist, 2014/08/07 04:50:46]

drive-by: I know the documentation seem to specify http://, but it seems like
https works as well. WDYT about using that instead?

[Yaron, 2014/08/07 05:03:36]

I thought about it, but I honestly don't know how much there is to gain. I
assume the serving on https is to avoid have insecure warning if your page is
https but otherwise is unnecessary. 

[cjhopman, 2014/08/08 18:48:20]

Using http allows a mitm to inject style into the page. I'd say use https for
everything unless it's not possible.

 }
 
 }  // namespace dom_distiller