dont drop true error with url str parse, fix url contains logic order, clarify config comment

Signed-off-by: strawberry <strawberry@puppygock.gay>

conduwuit-example.toml

@@ -176,7 +176,7 @@ url_preview_domain_contains_allowlist = []
 url_preview_domain_explicit_allowlist = []
 
 # Vector list of URLs allowed to send requests to for URL previews. Defaults to none.
-# Note that this is a *contains* match, not an explicit match. Putting "https://google.com" will match "https://google.com/" and "https://google.com/url?q=https://mymaliciousdomainexample.com"
+# Note that this is a *contains* match, not an explicit match. Putting "google.com" will match "https://google.com/", "https://google.com/url?q=https://mymaliciousdomainexample.com", and "https://mymaliciousdomainexample.com/hi/google.com"
 # Setting this to "*" will allow all URL previews. Please note that this opens up significant attack surface to your server, you are expected to be aware of the risks by doing so.
 url_preview_url_contains_allowlist = []
 

src/api/client_server/media.rs

@@ -14,7 +14,7 @@
         get_media_config, get_media_preview,
     },
 };
-use tracing::{debug, error, info};
+use tracing::{debug, error, info, warn};
 use webpage::HTML;
 
 /// generated MXC ID (`media-id`) length
@@ -500,7 +500,10 @@ async fn get_url_preview(url: &str) -> Result<UrlPreviewData> {
 fn url_preview_allowed(url_str: &str) -> bool {
     let url: Url = match Url::parse(url_str) {
         Ok(u) => u,
-        Err(_) => return false,
+        Err(e) => {
+            warn!("Failed to parse URL from a str: {}", e);
+            return false;
+        }
     };
 
     if ["http", "https"]
@@ -559,7 +562,7 @@ fn url_preview_allowed(url_str: &str) -> bool {
 
         if allowlist_url_contains
             .iter()
-            .any(|url_s| url_s.contains(&url.to_string()))
+            .any(|url_s| url.to_string().contains(&url_s.to_string()))
         {
             return true;
         }