fix: Livechat `CSP` whitelist validation (#29278)

.changeset/mean-bottles-work.md

+---
+"@rocket.chat/meteor": patch
+---
+
+fixes the Livechat CSP validation, which was incorrectly blocking access to the widget for all non whitelisted domains

apps/meteor/app/livechat/server/livechat.ts

@@ -21,7 +21,7 @@ WebApp.connectHandlers.use('/livechat', (req, res, next) => {
 
 	const domainWhiteListSetting = settings.get<string>('Livechat_AllowedDomainsList');
 	let domainWhiteList = [];
-	if (req.headers.referer && !domainWhiteListSetting.trim()) {
+	if (req.headers.referer && domainWhiteListSetting.trim()) {
 		domainWhiteList = domainWhiteListSetting.split(',').map((domain) => domain.trim());
 
 		const referer = url.parse(req.headers.referer);