Merge branch 'production' into max/zt/azure-entra
maxvp authored Sep 23, 2024
2 parents ce611ae + 149eeab commit 29e0432
Showing 34 changed files with 378 additions and 74 deletions.
11 changes: 7 additions & 4 deletions src/components/AnchorHeading.astro
@@ -1,23 +1,26 @@
---
import { z } from "astro:schema";
import { marked } from "marked";
import { slug } from "github-slugger";
import { slug as GithubSlug } from "github-slugger";
type Props = z.infer<typeof props>;
const props = z.object({
title: z.string(),
slug: z.string().optional(),
depth: z.number().min(1).max(6),
});
const { title, depth } = props.parse(Astro.props);
const { title, slug, depth } = props.parse(Astro.props);
const slugified = GithubSlug(slug ?? title);
const Heading = `h${depth}` as "h1" | "h2" | "h3" | "h4" | "h5" | "h6";
---

<div tabindex="-1" class=`heading-wrapper level-h${depth}`>
<Heading id={slug(title)} set:html={marked.parseInline(title) as string} />
<a class="anchor-link" href={`#${slug(title)}`}>
<Heading id={slugified} set:html={marked.parseInline(title) as string} />
<a class="anchor-link" href={`#${slugified}`}>
<span aria-hidden class="anchor-icon">
<svg width="16" height="16" viewBox="0 0 24 24">
<path
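
Review bot: `slug: z.string().optional()` accepts an empty string, and `slug ?? title` only falls back when the value is `undefined`, so `slug=""` produces an empty `id` and an `href` of `#`. Use `z.string().min(1).optional()` or `slug || title`. It is also worth a comment that a supplied `slug` is still passed through `GithubSlug`, so the rendered id can differ from what the caller wrote. Separately, `set:html={marked.parseInline(title) as string}` emits the title as unescaped HTML on both the old and new lines; the component should document that `title` must come from trusted content.
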
87 changes: 86 additions & 1 deletion src/content/docs/api-shield/security/schema-validation/index.mdx
Expand Up @@ -155,10 +155,95 @@ OpenAPI schemas generated by different tooling may not be specific enough to imp

## Limitations

Currently, API Shield cannot validate some features of API schemas, including the following: all responses, external references, non-basic path templating, or unique items.
Schema Validation supports [OpenAPI Version 3.0.x schemas](https://spec.openapis.org/oas/v3.0.3). OpenAPI 3.1 is not supported yet, and we do not plan to expand support for OpenAPI 2.0.

Currently, API Shield does not support some features of API schemas, including the following: all responses, external references, non-basic path templating, or unique items.

There is a limit of 10,000 total operations for enabled schemas.

### Required fields

Although not strictly required by the OpenAPI specification, Schema Validation strictly requires these fields.

#### `schema`

- [`type`](https://spec.openapis.org/oas/v3.0.3#schema-object)
- All schemas require a type to be set. If the specific type is not supported by Schema Validation, it is usually best to simply set the type to `string` instead.

#### `parameter`

- [`schema`](https://spec.openapis.org/oas/v3.0.3#schema-object)
- Schema Validation does not support the content field in parameters. For more details, refer to the [notes on validated and supported fields](#notes-on-validated-and-supported-fields) below. Instead, a schema is strictly required on all parameters objects.

### Notes on validated and supported fields

Refer to the information below for more details on Schema Validation's current support for various OpenAPI specification (OAS) objects and fields.

#### `servers`

- [`url`](https://spec.openapis.org/oas/v3.0.3#server-object)
- Schema Validation does not support relative URLs.
- [`variables`](https://spec.openapis.org/oas/v3.0.3#server-variable-object)
- Server variables are not validated.

#### `parameter`

- [`style`](https://spec.openapis.org/oas/v3.0.3#parameter-object)
- Only the default values are supported: `"simple"` (path or header parameters) and `"form"` (query or cookie parameters).
- [`explode`](https://spec.openapis.org/oas/v3.0.3#parameter-object)
- Only the default values are supported: `true` (for form) and `false` (for simple).
- [`content`](https://spec.openapis.org/oas/v3.0.3#parameter-object)
- The content field is not supported in parameters. Use the schema field instead.
- [`type`](https://spec.openapis.org/oas/v3.0.3#parameter-object)
- Cloudflare currently does not validate object type parameters.

#### `reference`

- [`$ref`](https://spec.openapis.org/oas/v3.0.3#reference-object)
- External or relative references are not supported.

#### `requestBody`

- `content`
- [Request Body Object](https://spec.openapis.org/oas/v3.0.3#request-body-object)
- [Media Type Object](https://spec.openapis.org/oas/v3.0.3#media-type-object)
- Schema Validation is able to validate `application/json` documents. If a given schema allows other content types, Schema Validation will accept those requests without validation.

#### `parameter/schema`

- `anyOf`
- [Parameter Object](https://spec.openapis.org/oas/v3.0.3#parameter-object)
- [Schema Object](https://spec.openapis.org/oas/v3.0.3#schema-object)
- `anyOf` schemas are currently not supported in parameter schemas.

#### `schema`

- [`format`](https://spec.openapis.org/oas/v3.0.3#schema-object)
- Validated formats:
- `date-time`
- `time`
- `date`
- `email`
- `hostname`
- `ipv4`
- `ipv6`
- `uri`
- `uri-reference`
- `iri`
- `iri-reference`
- `int32`
- `int64`
- `float`
- `double`
- `password`
- `uuid`
- Soon to be validated formats:
- `byte`
- `uint64`

- [`uniqueItems`](https://spec.openapis.org/oas/v3.0.3#schema-object)
- This field is currently not validated by Schema Validation.

## Body inspection

API Shield has the ability to identify body specifications contained in uploaded schemas and validate that the data of incoming API requests adheres to them.
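
Review bot: Under `requestBody`, the statement that requests with a content type other than `application/json` are accepted without validation describes a fail-open path, and it is easy to miss as the last bullet of a nested list. Move it into a callout near the top of Limitations and state how a request is treated when its content type is not listed in the schema at all. Minor: in the `parameter` notes the `type` bullet links to the Parameter Object, but `type` is a Schema Object field.
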
16 changes: 16 additions & 0 deletions src/content/docs/bots/reference/sample-terms.mdx
@@ -0,0 +1,16 @@
---
pcx_content_type: reference
title: Sample Terms
weight: 0

---

Cloudflare recommends that customers consider updating their Terms of Service to address bots specifically related to Artificial Intelligence (AI) training and data scraping. The text below provides an informational example of the kind of language that could be added to a website's terms of use.

```
**Artificial Intelligence Restriction**
You may not use automated means to access, scan, scrape, data mine, copy, or use the materials or content on this website for developing, training, fine-tuning, or otherwise contributing to or improving a machine learning model or artificial intelligence (AI) system or the operation thereof, unless you are explicitly permitted (i.e., “allowed”) to do so in this website’s robots.txt file.
```

**Disclaimer**
This language is provided for informational purposes only. It does not constitute legal advice, nor does it guarantee any specific outcome. This is merely an illustrative example of language that can be included in a website’s terms to put AI providers on notice that they are not authorized to use automated means to scrape content from your website for purposes of training or otherwise contributing to their AI models or systems, unless you have expressly permitted them to do so in your robots.txt file.
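
Review bot: The sample clause sits inside a plain code fence, so `**Artificial Intelligence Restriction**` will render with literal asterisks and the long sentence will not wrap. Use a blockquote, or drop the `**` inside the fence. `**Disclaimer**` also needs a blank line after it, otherwise it runs into the paragraph that follows.
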
Expand Up @@ -13,7 +13,7 @@ import { Badge, Details, Tabs, TabItem, Render } from "~/components";
Access for Infrastructure allows you to have granular control over how users access individual servers, clusters, or databases in your private network. By adding an infrastructure application to Cloudflare Access, you can configure how users authenticate to the resource as well as control and authorize the ports, protocols, and usernames that they can connect with. Access and command logs ensure regulatory compliance and allow for auditing of user activity in case of a security breach.

:::note
Access for Infrastructure currently only supports [SSH](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/).
Access for Infrastructure is available in early access and currently only supports [SSH](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/).
:::

## Prerequisites
Expand Up @@ -19,14 +19,15 @@ import { Details } from "~/components";
| -------- | ------------ | -------------------- |
| Windows || 2023.3.381.0 |
| macOS || 2023.3.381.0 |
| Linux || 2023.3.381.0 |
| Linux <sup>*</sup> || 2023.3.381.0 |
| iOS || |
| Android || |
| ChromeOS || |

<sup>*</sup> Only supported on Debian-based systems.
</Details>

The WARP client can automatically install the Cloudflare certificate (or a [custom root certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/)) on Windows, macOS, and Linux devices enrolled in your Zero Trust organization. On mobile devices, you will need to [install the certificate manually](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cloudflare-cert/).
The WARP client can automatically install the Cloudflare certificate (or a [custom root certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/)) on Windows, macOS, and Debian/Ubuntu Linux devices. On mobile devices and Red Hat-based systems, you will need to [install the certificate manually](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cloudflare-cert/).

The certificate is required if you want to [apply HTTP policies to encrypted websites](/cloudflare-one/policies/gateway/http-policies/tls-decryption/), display custom block pages, and more.
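
Review bot: The rewritten sentence drops "enrolled in your Zero Trust organization"; if enrollment is still a precondition for automatic installation, keep the qualifier. The wording is also inconsistent within the hunk: the table footnote says "Debian-based systems" while the prose says "Debian/Ubuntu Linux", and manual installation is stated only for mobile devices and Red Hat-based systems, which leaves other Linux distributions unaddressed. Pick one term and cover the remaining distributions in the manual-install sentence.
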

Expand Up @@ -165,7 +165,7 @@ sudo dpkg-reconfigure ca-certificates

#### Red Hat-based distributions

The following procedure applies to Red Hat-based systems, such as Red Hat Enterprise Linux (RHEL), Fedora, Rocky Linux, and AlmaLinux.
The following procedure applies to Red Hat-based systems, such as CentOS and Red Hat Enterprise Linux (RHEL).

1. Download both the [`.crt` certificate](/cloudflare-one/static/Cloudflare_CA.crt) and the [`.pem` certificate](/cloudflare-one/static/Cloudflare_CA.pem).
2. Install the `ca-certificates` package.
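
Review bot: The example list changes from "Red Hat Enterprise Linux (RHEL), Fedora, Rocky Linux, and AlmaLinux" to "CentOS and Red Hat Enterprise Linux (RHEL)", which narrows the stated coverage of the procedure. Since this is a merge commit, confirm this is the intended side of the merge; if the steps still apply to Fedora, Rocky Linux and AlmaLinux, keep them listed.
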
Expand Up @@ -14,6 +14,10 @@ import { Tabs, TabItem, Badge, Render } from "~/components";
[Access for Infrastructure](/cloudflare-one/applications/non-http/infrastructure-apps/) uses the same deployment model as [WARP-to-Tunnel](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-warp-to-tunnel/) but unlocks more granular policy options and command logging functionality.
<Render file="access/short-lived-certs-intro" params={{ intro: "Furthermore, Access for Infrastructure replaces" }} />

:::note
SSH with Access for Infrastructure is currently available in early access.
:::

## 1. Connect the server to Cloudflare

1. Create a Cloudflare Tunnel for your server by following our [dashboard setup guide](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/). You can skip the connect an application step and go straight to connecting a network.
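
Review bot: This early-access note repeats, in different words, the one added to the Access for Infrastructure page in the same commit ("is available in early access and currently only supports SSH"). Put the notice in a shared partial, as this page already does with `<Render file="access/short-lived-certs-intro" ... />`, so the two copies cannot drift when the feature leaves early access.
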
Expand Down Expand Up @@ -120,4 +124,4 @@ To manually retrieve logs:
3. Select **Download** to download the session's command log.
4. <Render file="ssh/decrypt-ssh-log" />

Enterprise customers can also export command logs using [Logpush](/cloudflare-one/insights/logs/logpush/).
Enterprise customers can also export command logs using [Logpush](/cloudflare-one/insights/logs/logpush/).
24 changes: 11 additions & 13 deletions src/content/docs/d1/platform/limits.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ sidebar:

---

import { Render } from "~/components"
import { Render } from "~/components";

| Feature | Limit |
| ------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- |
Expand All @@ -24,23 +24,21 @@ import { Render } from "~/components"
| Maximum arguments per SQL function | 32 |
| Maximum characters (bytes) in a `LIKE` or `GLOB` pattern | 50 bytes |
| Maximum bindings per Workers script | Approximately 5,000 [^2] |
| Maximum SQL query duration | 30 seconds |
| Maximum file import (`d1 execute`) size | 5 GiB [^3] |

:::note


If you would like to explore other storage solutions for your application, Cloudflare also offers [Workers KV](/kv/api/), [Durable Objects](/durable-objects/), and [R2](/r2/get-started/).

Refer to the [Choose a data or storage product](/workers/platform/storage-options/) to review which storage option is right for your use case.

| Maximum SQL query duration | 30 seconds [^3] |
| Maximum file import (`d1 execute`) size | 5 GiB [^4] |

:::note[Batch limits]
Limits for individual queries (listed above) apply to each individual statement contained within a batch statement. For example, the maximum SQL statement length of 100 KB applies to each statement inside a `db.batch()`.
:::

[^1]: The maximum storage per account can be increased by request on Workers Paid and Enterprise plans. See the guidance on limit increases on this page to request an increase.

[^2]: A single Worker script can have up to 1 MB of script metadata. A binding is defined as a binding to a resource, such as a D1 database, KV namespace, environmental variable or secret. Each resource binding is approximately 150-bytes, however environmental variables and secrets are controlled by the size of the value you provide. Excluding environmental variables, you can bind up to \~5,000 D1 databases to a single Worker script.

[^3]: The imported file is uploaded to R2. See [R2 upload limit](/r2/platform/limits).
[^3]: Requests to Cloudflare API must resolve in 30 seconds. Therefore, this duration limit also applies to the entire batch call.

[^4]: The imported file is uploaded to R2. See [R2 upload limit](/r2/platform/limits).

Cloudflare also offers other storage solutions such as [Workers KV](/kv/api/), [Durable Objects](/durable-objects/), and [R2](/r2/get-started/). Each product has different advantages and limits. Refer to [Choose a data or storage product](/workers/platform/storage-options/) to review which storage option is right for your use case.

<Render file="limits_increase" product="workers" />
<Render file="limits_increase" product="workers" />
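
Review bot: The new `[^3]` footnote says the 30 second duration limit applies to the entire batch call, while the `Batch limits` note says the limits listed apply to each individual statement inside a batch. A reader of the note alone will assume each statement gets its own 30 seconds. State the exception in the note itself, for example "except query duration, which covers the whole batch call". The final `<Render file="limits_increase" product="workers" />` line appears twice with no visible difference; confirm that is only an end-of-file newline change.
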