Merge branch 'production' into max/gw/list-rate-limit

Author: maxvp

src/content/changelog/d1/2025-05-30-d1-rest-api-latency.mdx

@@ -0,0 +1,14 @@
+---
+title: 50-500ms Faster D1 REST API Requests
+description: D1 REST API request latency improvements.
+products:
+  - d1
+  - workers
+date: 2025-05-29T00:00:00Z
+---
+
+Users using Cloudflare's [REST API](/api/resources/d1/) to query their D1 database can see lower end-to-end request latency now that D1 authentication is performed at the closest Cloudflare network data center that received the request. Previously, authentication required D1 REST API requests to proxy to Cloudflare's core, centralized data centers, which added network round trips and latency. 
+
+Latency improvements range from 50-500 ms depending on request location and [database location](/d1/configuration/data-location/) and only apply to the REST API. REST API requests and databases outside the United States see a bigger benefit since Cloudflare's primary core data centers reside in the United States.
+
+D1 query endpoints like `/query` and `/raw` have the most noticeable improvements since they no longer access Cloudflare's core data centers. D1 control plane endpoints such as those to create and delete databases see smaller improvements, since they still require access to Cloudflare's core data centers for other control plane metadata.

src/content/changelog/fundamentals/2025-05-06-terraform-v5.4.0-provider.mdx

@@ -10,8 +10,8 @@ Earlier this year, we announced the launch of the new [Terraform v5 Provider](/c
 
 ### Changes
 
-- Removes the `worker_platforms_script_secret` resource from the provider
-- Removes duplicated fields in `cloudflare_cloud_connector_rules` resource 
+- Removes the `worker_platforms_script_secret` resource from the provider (see [migration guide](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/guides/version-5-upgrade#cloudflare_worker_secret) for alternatives—applicable to both Workers and Workers for Platforms)
+- Removes duplicated fields in `cloudflare_cloud_connector_rules` resource
 - Fixes `cloudflare_workers_route` id issues [#5134](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5134) [#5501](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5501)
 - Fixes issue around refreshing resources that have unsupported response types
   <details>
@@ -68,6 +68,9 @@ Earlier this year, we announced the launch of the new [Terraform v5 Provider](/c
   		<li>`cloudflare_zero_trust_access_group`</li>
   	</ul>
   </details>
+- Fixed defaults that made `cloudflare_workers_script` fail when using Assets
+- Fixed Workers Logpush setting in `cloudflare_workers_script` mistakenly being readonly
+- Fixed `cloudflare_pages_project` broken when using "source"
 
 The detailed [changelog](https://github.com/cloudflare/terraform-provider-cloudflare/releases/tag/v5.4.0) is available on GitHub.
 

src/content/docs/cache/concepts/default-cache-behavior.mdx

@@ -59,6 +59,8 @@ Cloudflare’s CDN provides several cache customization options:
 
 <FeatureTable id="network.max_upload_size" />
 
+Customers can reduce the **Maximum Upload Size** from the zone's **Network** page.
+
 If you require a larger upload, group requests smaller than the upload thresholds or upload the full resource through an [unproxied (grey-clouded) DNS record](/dns/proxy-status/).
 
 ### Cacheable size limits

src/content/docs/cache/get-started.mdx

@@ -43,7 +43,7 @@ Configure your settings to cache static HTML or cache anonymous page views of dy
 
 ## Improve cache HIT rates
 
-Include or exclude query strings, optimize cache keys, or enable tiered cache to improve HIT rates and reduce traffic to your origin.
+Include or exclude query strings, optimize cache keys, or enable [Tiered Cache](/cache/how-to/tiered-cache/) to improve HIT rates and reduce traffic to your origin.
 
 * [Choose a cache level](/cache/how-to/set-caching-levels/)
 * [Enable Tiered Cache with Argo](/cache/how-to/tiered-cache/#enable-tiered-cache)

src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/run-parameters.mdx

@@ -123,6 +123,17 @@ Specifies the [account certificate](/cloudflare-one/connections/connect-networks
 
 Writes the application's process identifier (PID) to this file after the first successful connection. Mainly useful for scripting and service integration.
 
+## `post-quantum`
+
+| Syntax                                                   | Environment Variable |
+| -------------------------------------------------------- | -------------------- |
+| `cloudflared tunnel run --post-quantum <UUID or NAME>`   | `TUNNEL_POST_QUANTUM`|
+
+
+By default, Cloudflare Tunnel connections over [`quic`](#protocol) are encrypted using [post-quantum cryptography (PQC)](/ssl/post-quantum-cryptography/) but will fall back to non-PQ if there are issues connecting. If the `--post-quantum` flag is provided, `quic` connections are only allowed to use PQ key agreements, with no fallback to non-PQ.
+
+Post-quantum key agreements are not supported when using `http2` protocol.
+
 ## `protocol`
 
 | Syntax                                                     | Default | Environment Variable        |

src/content/docs/developer-spotlight/application-guide.mdx

@@ -32,7 +32,7 @@ To apply to the program, submit an application through the [Developer Spotlight
 
 ## Account credits
 
-Account credits can be used towards recurring monthly charges for Cloudflare plans or add-on services. Once a tutorial submission has been approved and published, we can then add 350 credits to your Cloudflare account. Credits are only valid for three years. Valid payment details must be stored on the recieving account before credits can be added.
+Account credits can be used towards recurring monthly charges for Cloudflare plans or add-on services. Once a tutorial submission has been approved and published, we can then add 350 credits to your Cloudflare account. Credits are only valid for three years. Valid payment details must be stored on the receiving account before credits can be added.
 
 ## FAQ
 

src/content/docs/durable-objects/reference/data-location.mdx

@@ -97,3 +97,7 @@ future.
 the Durable Object will spawn in a nearby location which does support Durable
 Objects. For example, Durable Objects hinted to South America spawn in Eastern
 North America instead.
+
+## Additional resources
+
+- You can find our more about where Durable Objects are located using the website: [Where Durable Objects Live](https://where.durableobjects.live/).

src/content/docs/learning-paths/warp-overview-course/series/warp-basics-1.mdx

@@ -1,6 +1,6 @@
 ---
 pcx_content_type: navigation
-title: Understand the Cloudflare WARP basics
+title: Understand Cloudflare WARP basics
 sidebar:
   order: 2
 tableOfContents: false
@@ -16,7 +16,7 @@ import { Render, Tabs, TabItem, Stream, Card } from "~/components";
     <Card>
         <Stream
         id="31178cc41d0ec56d42ef892160589635"
-        title="Understand the Cloudflare WARP basics"
+        title="Understand Cloudflare WARP basics"
         thumbnail="https://pub-d9bf66e086fb4b639107aa52105b49dd.r2.dev/Understand-Cloudflare-WARP-Basics%20thumbnail.png"
         showMoreVideos={false}
         chapters={{

src/content/docs/learning-paths/warp-overview-course/series/warp-basics-2.mdx

@@ -0,0 +1,46 @@
+---
+pcx_content_type: navigation
+title: WARP diagnostic logs
+sidebar:
+  order: 3
+tableOfContents: false
+---
+
+import { Render, Tabs, TabItem, Stream, Card } from "~/components";
+
+<Tabs>
+  <TabItem label="Watch this episode">
+
+  In this more advanced episode, we explain how to use warp-diag files to identify and resolve connection issues with the WARP client. You will learn how to locate and interpret three key files: `warp-status`, `warp-settings`, and `daemon.log`. The video also provides troubleshooting tips including specific keyword searches and guidance on how to cross-reference logs to identify a bigger picture of the problem.
+
+    <Card>
+        <Stream
+        id="c29964ab3dcf7c3432ebb2b4e93c3aca"
+        title="WARP diagnostic logs"
+        thumbnail="https://pub-d9bf66e086fb4b639107aa52105b49dd.r2.dev/Warp-diagnostics%20thumbnail.png"
+        showMoreVideos={false}
+        chapters={{
+          "Introduction": "0s",
+          "What are warp-diag files?": "44s",
+          "How to download and navigate warp-diag files": "1m16s",
+          "warp-status.txt": "2m06s",
+          "warp-settings.txt": "2m29s",
+          "daemon.log": "3m37s",
+          "Addition tips": "8m07s",
+          "Conclusion": "8m43s",
+        }}
+      />
+
+      **Related content**
+
+      Explore the following resources on WARP, device profiles, operating modes, and split tunneling:       
+      
+        - [Introduction to Cloudflare WARP](/cloudflare-one/connections/connect-devices/warp/)  
+        - [Troubleshooting WARP](/cloudflare-one/connections/connect-devices/warp/troubleshooting/)  
+    </Card>
+  </TabItem>
+
+  <TabItem label="Series overview">
+    <Render file="warp-series-navigation" />
+  </TabItem>
+</Tabs>

src/content/docs/logs/reference/custom-fields.mdx

@@ -189,9 +189,50 @@ Perform the following steps to create the rule:
    }
    ```
 
+#### Record duplicate response header values
+
+Some headers sent from the origin — such as `set-cookie` — may have multiple values that you want to capture. You can use the Rulesets API to specify which headers should have all their values logged.
+
+   ```bash
+curl --request PUT \
+  --url https://api.cloudflare.com/client/v4/zones/{{ZONE_TAG}}/rulesets/{{RULE_ID}} \
+  --header 'content-type: application/json' \
+  --header 'x-auth-email: {{EMAIL}}' \
+  --header 'x-auth-key: {{API_KEY}}' \
+  --data '{
+  "rules": [
+    {
+      "action": "log_custom_field",
+      "expression": "true",
+      "description": "Set Logpush custom fields for HTTP requests",
+      "action_parameters": {
+        "response_fields": [
+          {"name": "set-cookie", "preserve_duplicates": true}
+        ]
+      }
+    }
+  ]
+}'
+```
+
+Note that `preserve_duplicates` applies to both `response_fields` and `raw_response_fields`. If there are no transform rules that affect a header, including `preserve_duplicates` in either `response_fields` or `raw_response_fields` should achieve the same result.
+
+In this example, all values of the `set-cookie` headers will be logged. They will appear as an array of string values under `ResponseFields`, for example: 
+
+   ```json
+{
+  …
+  “ResponseFields”: {
+    “set-cookie”: [“name1=val1”, “name2=val2”...]
+  }
+}
+```
+
+You can use a worker or custom logic at your logpush destination to extract these values.
+
 ### 2. Include the custom fields in your Logpush job
 
-Next, include `Cookies`, `RequestHeaders`, and/or `ResponseHeaders`, depending on your custom field configuration, in the list of fields of the `output_options` job parameter when creating or updating a job. The logs will contain the configured custom fields and their values in the request/response.
+Next, include `Cookies`, `RequestHeaders`, `ResponseHeaders`, and/or `ResponseFields`, depending on your custom field configuration, in the list of fields of the `output_options` job parameter when creating or updating a job. The logs will contain the configured custom fields and their values in the request/response.
 
 For example, consider the following request that creates a job that includes custom fields:
 
@@ -230,6 +271,5 @@ If you are a Cloudflare Access user, as of March 2022 you have to manually add t
 ## Limitations
 
 - Custom fields allow 100 headers per field type — this applies separately to `request_fields`, `transformed_request_fields`, `response_fields`, `raw_response_fields`, and `cookie_fields`.
-- For headers which may be included multiple times (for example, the `set-cookie` response header), a custom field will only log the first instance of the header. Subsequent headers of the same type will be ignored.
 - The request header `Range` is currently not supported by Custom Fields.
 - Transformed and raw values for request and response headers are available only via the API and cannot be set through the UI.