From 18ffeccb86d39becaccc8463ab3cb3197a732d49 Mon Sep 17 00:00:00 2001
From: Aleksander Nicacio da Silva
Date: Wed, 17 May 2023 18:34:42 -0300
Subject: [PATCH 1/2] fix: Fixed livechat csp whitelist validation
---
 apps/meteor/app/livechat/server/livechat.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/meteor/app/livechat/server/livechat.ts b/apps/meteor/app/livechat/server/livechat.ts
index 5df0776e69ea..f5f99835f5cd 100644
--- a/apps/meteor/app/livechat/server/livechat.ts
+++ b/apps/meteor/app/livechat/server/livechat.ts
@@ -21,7 +21,7 @@ WebApp.connectHandlers.use('/livechat', (req, res, next) => {
 const domainWhiteListSetting = settings.get('Livechat_AllowedDomainsList');
 let domainWhiteList = [];
- if (req.headers.referer && !domainWhiteListSetting.trim()) {
+ if (req.headers.referer && domainWhiteListSetting.trim()) {
 domainWhiteList = domainWhiteListSetting.split(',').map((domain) => domain.trim());
 const referer = url.parse(req.headers.referer);
From a325b2394d5446765516a66218496a17e0b34858 Mon Sep 17 00:00:00 2001
From: Guilherme Gazzo
Date: Thu, 18 May 2023 15:50:48 -0300
Subject: [PATCH 2/2] Create mean-bottles-work.md
---
 .changeset/mean-bottles-work.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/mean-bottles-work.md
diff --git a/.changeset/mean-bottles-work.md b/.changeset/mean-bottles-work.md
new file mode 100644
index 000000000000..10e7e54d9251
--- /dev/null
+++ b/.changeset/mean-bottles-work.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+fixes the Livechat CSP validation, which was incorrectly blocking access to the widget for all non whitelisted domains
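Review bot: The corrected condition `if (req.headers.referer && domainWhiteListSetting.trim())` still gates the allowlist check on the request carrying a Referer header, so with `Livechat_AllowedDomainsList` configured a request that omits the header skips the domain check entirely. Referer is optional and is controlled by the embedding page and the client, which makes it a weak basis for an access decision. What the handler does on the skipped path is outside this hunk, but that path should fail closed when an allowlist is set. Consider branching on the setting alone and emitting the whole list so the browser enforces it regardless of Referer, e.g. `res.setHeader('Content-Security-Policy', 'frame-ancestors ' + domainWhiteList.join(' '));`. The handler and the `if` body both start and continue outside the hunk, so this needs checking against the full function.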