Comment 43 for bug 1990157

Erno Kuvaja (jokke) wrote : Re: Malicious image data modification can happen when using COW

@Brian

I think repeating the same info/mistakes we did with OSSN-0065 is not beneficial. Thus I'd like to avoid going that route and just refer to OSSN-0065 for previous conversation. Thus my take is to just remove the section copied from there.

Also realized that the Start of Discussion limits gives the impression that this is vulnerable only when the nodes that have show multiple locations enabled are public, but that's not the case. Fixing the deployments does not fix the issue, just limits its accessibility from public.

+This note applies to you if you are operating an end-user-facing
+glance-api service with the 'show_multiple_locations' option set to True
+(the default value is False) or if your end-user-facing glance-api has
+the 'show_image_direct_url' option set to True (default value is False).
+Your exposure is less if you have *only* 'show_image_direct_url=True',
+but the deployment configuration suggested below is recommended for your
+case as well.
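
Review bot: the sentence "Your exposure is less if you have *only* 'show_image_direct_url=True'" does not say in what way the exposure is reduced, so an operator who has only that option set cannot judge how urgently the recommended configuration applies to them. Suggest adding a clause that states what remains exposed in that case, and pointing to the configuration section by name rather than "suggested below" so the paragraph still reads correctly if the note is reordered.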

I'd change the first paragraph to something like:
This note applies to you if you are operating a glance-api service with the 'show_multiple_locations' option set to True
(the default value is False) or if your end-user-facing glance-api has
the 'show_image_direct_url' option set to True (default value is False).
Your exposure is less if you have *only* 'show_image_direct_url=True' or
your glance-api that has 'show_multiple_locations=True' is deployed internal
service facing only, but the deployment configuration suggested below is
recommended for your case as well.