[Ref Architecture] Remove trailing spaces (#21195)

Author: vil02

src/content/docs/reference-architecture/architectures/load-balancing.mdx

@@ -698,7 +698,7 @@ Endpoint draining is only applicable for session affinity because without sessio
 
 ##### Zero-downtime failover
 
-Zero-downtime failover automatically sends traffic to endpoints within an endpoint pool during transient network issues. <Render file="zero-downtime-failover-retry-on-error" product="fundamentals" /> 
+Zero-downtime failover automatically sends traffic to endpoints within an endpoint pool during transient network issues. <Render file="zero-downtime-failover-retry-on-error" product="fundamentals" />
 These response codes are not returned from the endpoint, but from requests made by upstream Cloudflare services to an organization's endpoints.
 
 Zero-downtime failover has three modes of operation:

src/content/docs/reference-architecture/design-guides/leveraging-cloudflare-for-your-saas-applications.mdx

@@ -21,7 +21,7 @@ Also, a customer of your application might wish to have their main website domai
 
 Many SaaS applications have caching and security solutions, such as Cloudflare, in front of their applications and as such need to onboard these hostnames. This is often done using a "Zone" model, where inside Cloudflare, or another vendor such as AWS Cloudfront, a "Zone" is created for `app.customer.com`. This means that, as each new customer is onboarded, a new "Zone" must be created - this might be manageable in the tens and hundreds of customers but, when you get to thousands and millions, management of all these zones and their configurations is hard.
 
-Cloudflare for Platforms extends far beyond this traditional model of most edge providers, by managing traffic across many hostnames and domains in one "Zone". You can now manage `www.customer1.com` and `www.customer2.net`, and millions more hostnames, through the same configuration while also customizing features as needed. 
+Cloudflare for Platforms extends far beyond this traditional model of most edge providers, by managing traffic across many hostnames and domains in one "Zone". You can now manage `www.customer1.com` and `www.customer2.net`, and millions more hostnames, through the same configuration while also customizing features as needed.
 
 This document provides a reference and guidance for using Cloudflare for Platforms. The document is split into three main sections.
 

src/content/docs/reference-architecture/design-guides/streamlined-waf-deployment-across-zones-and-applications.mdx

@@ -11,7 +11,7 @@ updated: 2024-12-11
 
 Security perimeters have become less defined compared to the traditional "Castle and Moat" deployments that were popular in the past. Within a fixed perimeter, it was relatively easier to secure multiple applications using a single Web Application Firewall (WAF) deployment inside a datacenter. Today this approach does not provide enough flexibility as applications and services expand beyond the traditional datacenter. There are several good reasons to configure networks and services in a hybrid approach and to adopt SaaS platforms, so it is valuable to update the WAF approach to cover this scenario.
 
-Cloud-based WAF solutions can control the perimeter sprawl with a flexible deployment model that covers applications and services deployed on-premises, on cloud-based IaaS and PaaS environments, and in hybrid environments. 
+Cloud-based WAF solutions can control the perimeter sprawl with a flexible deployment model that covers applications and services deployed on-premises, on cloud-based IaaS and PaaS environments, and in hybrid environments.
 
 At the same time, an incorrect implementation of a cloud-based WAF can lead to security policy fragmentation and duplication, causing increased overheads both in maintenance and in monitoring. Aside from the clear economic impact that such inefficiencies bring, the lower efficiency can also degrade the security posture itself. This ultimately can lead to security incidents of varying degrees of severity depending on the scenario.
 
@@ -23,7 +23,7 @@ Cloudflare offers comprehensive Application Security & Performance solutions, wh
 
 In this guide, you will learn:
 
-* How to implement the Cloudflare WAF and factor common rules. 
+* How to implement the Cloudflare WAF and factor common rules.
 * How to easily implement common configurations across multiple applications.
 * How to deploy exceptions and specific configurations when needed.
 * What are the best practices to follow when deploying the Cloudflare WAF.
@@ -96,7 +96,7 @@ Let's visualize the complete configuration in the below diagram:
 
 ![Diagram depicting the implemented WAF configuration at the account level](~/assets/images/reference-architecture/streamlined-waf-deployment-across-zones-apps/diagram-3.svg "Figure 3: The Account WAF implementation to protect multiple applications across different hostnames with repeatable configurations.")
 
-This setup will provide three instances of the Managed Ruleset, calibrated for each application group. 
+This setup will provide three instances of the Managed Ruleset, calibrated for each application group.
 
 If you have additional applications to be protected in the future, it is sufficient to include the new application FQDN to the filter expression. Generally, most will be added to the standard ruleset instance that is using the recommended Cloudflare configuration. Another common strategy is to add new applications to the `Log` mode instance, so that it can be monitored and eventually transitioned to the `Default` mode ruleset or to a more specific variation if required.
 
@@ -115,7 +115,7 @@ If this is your scenario, you can simplify the above setup in the following way
 This approach can be simpler when there are few exceptions to the norm, and when the initial calibration confirms that the fine tuning already done by Cloudflare to minimize false positives is appropriate in your situation.
 
 ### Using Lists
-Cloudflare provides the ability to create [lists of hostnames](/waf/tools/lists/create-dashboard/). In this case, the Filter expression can be changed to reference such list variables. 
+Cloudflare provides the ability to create [lists of hostnames](/waf/tools/lists/create-dashboard/). In this case, the Filter expression can be changed to reference such list variables.
 
 You can then update the lists directly and re-use them across multiple rulesets. For example, use the same list for the Cloudflare Managed Rules and also for the OWASP Ruleset and Rate Limiting. Your filters [will reference the lists directly](/waf/tools/lists/use-in-expressions/), meaning a cleaner and maintainable configuration.
 

src/content/docs/reference-architecture/diagrams/ai/bigquery-workers-ai.mdx

@@ -18,7 +18,7 @@ updated: 2024-10-26
 
 ## Introduction
 
-You can connect a Cloudflare Worker to get data from Google BigQuery and pass it to Workers AI, to run AI Models, powered by serverless GPUs. This will allow you to enhance data with AI-generated responses, such as detecting the sentiment score of some text or generating tags for an article. This document describes a simple way to get started if you are looking to give Workers AI a try and see how the [new and different AI models](/workers-ai/models/) would perform with your data hosted in BigQuery. 
+You can connect a Cloudflare Worker to get data from Google BigQuery and pass it to Workers AI, to run AI Models, powered by serverless GPUs. This will allow you to enhance data with AI-generated responses, such as detecting the sentiment score of some text or generating tags for an article. This document describes a simple way to get started if you are looking to give Workers AI a try and see how the [new and different AI models](/workers-ai/models/) would perform with your data hosted in BigQuery.
 
 ## User-based approach
 
@@ -46,7 +46,7 @@ For periodic or longer workflows, you may opt for a batch approach. This diagram
     * Into [D1](/d1/), a SQL database.
     * If in step four you used Workers AI to generate embeddings, you can store them in [Vectorize](/vectorize/). To learn more about this type of solution, please consider reviewing the reference architecture diagram on [Retrieval Augmented Generation](/reference-architecture/diagrams/ai/ai-rag/).
     * To [Workers KV](/kv/) if the output of your data will be stored and consumed in a key/value fashion.
-    * If you prefer to save the data fetched from BigQuery and Workers AI into objects (such as images, files, JSONs), you can use [R2](/r2/), our egress-free object storage to do so. 
+    * If you prefer to save the data fetched from BigQuery and Workers AI into objects (such as images, files, JSONs), you can use [R2](/r2/), our egress-free object storage to do so.
 6. You can set up an integration so a system or a user gets notified whenever a new result is available or if an error occurs. It's also worth mentioning that Workers by themselves can already provide additional [observability](/workers/observability/).
     * Sending an email with all the data retrieved and generated in the previous step is possible using [Email Routing](/email-routing/email-workers/send-email-workers/).
     * Since Workers allows you to issue HTTP requests, you can notify a webhook or API endpoint once the process finishes or if there's an error.
@@ -59,10 +59,10 @@ For periodic or longer workflows, you may opt for a batch approach. This diagram
 - [Workers: Cron Triggers](/workers/runtime-apis/handlers/scheduled/)
 - [Email Routing](/email-routing/email-workers/send-email-workers/)
 - [Create a GCP service account](https://cloud.google.com/iam/docs/service-accounts-create#iam-service-accounts-create-console)
-- [Create a GCP service account key](https://cloud.google.com/iam/docs/keys-create-delete#iam-service-account-keys-create-console) 
+- [Create a GCP service account key](https://cloud.google.com/iam/docs/keys-create-delete#iam-service-account-keys-create-console)
 - [Retrieval Augmented Generation (RAG) Reference Architecture](/reference-architecture/diagrams/ai/ai-rag/)
-- [Vectorize](/vectorize/) 
-- [Workers KV](/kv/) 
-- [R2](/r2/) 
-- [D1](/d1/) 
+- [Vectorize](/vectorize/)
+- [Workers KV](/kv/)
+- [R2](/r2/)
+- [D1](/d1/)
 

src/content/docs/reference-architecture/diagrams/network/bring-your-own-ip-space-to-cloudflare.mdx

@@ -22,7 +22,7 @@ For example, partners or other B2B relationships may use the public IP space own
 
 The default behavior when a DNS query is made to a Cloudflare proxied hostname will be to return one of Cloudflare's [default anycast IP addresses](https://www.cloudflare.com/ips/). The traffic is then accelerated, protected, and, if not served by Cloudflare cache, sent to the customer's origin server.
 
-In the diagram below, instead of the default behavior, traffic will proxy through Cloudflare's application services platform but DNS queries will return an IP address that is owned by the customer while also benefiting from Cloudflare's anycast network. 
+In the diagram below, instead of the default behavior, traffic will proxy through Cloudflare's application services platform but DNS queries will return an IP address that is owned by the customer while also benefiting from Cloudflare's anycast network.
 
 There are two different network ranges used in this example:
 

src/content/docs/reference-architecture/diagrams/sase/augment-access-with-serverless.mdx

@@ -14,9 +14,9 @@ import { RelatedProduct, LinkCard} from "~/components";
 
 ## Introduction
 
-Companies using Zero Trust Network Access (ZTNA) services build policies to determine if a user can access a protected resource such as a privately hosted Wiki server or source code repository. Policies typically use group membership, authentication methods, device security posture to determine which users can access which resources. 
+Companies using Zero Trust Network Access (ZTNA) services build policies to determine if a user can access a protected resource such as a privately hosted Wiki server or source code repository. Policies typically use group membership, authentication methods, device security posture to determine which users can access which resources.
 
-Secure access requires a range of attributes being available to the policy engine for evaluation. With Cloudflare's ZTNA service, [Access](/cloudflare-one/policies/access/), it is possible to include in the policy an external request to another API that provides part of the data required for the access decision. 
+Secure access requires a range of attributes being available to the policy engine for evaluation. With Cloudflare's ZTNA service, [Access](/cloudflare-one/policies/access/), it is possible to include in the policy an external request to another API that provides part of the data required for the access decision.
 
 For example, you might have a policy which states all members of the group "Engineers", who have authenticated with credentials that required a hard token, can have access to the self-hosted source code repository. But you also want to only allow engineers who have completed security training. That data might be available in another system, so Cloudflare allows you to, as part of the policy check, make a call using [Workers](https://workers.cloudflare.com/) to the training system to determine if this user has passed security training.
 
@@ -64,7 +64,7 @@ The code typically makes calls to either a [database](/d1/) or another API to ev
 
 ### 2. Analyze and validate the authentication material (JWT)
 
-When a user successfully authenticates and is authorized to access a protected application, Cloudflare inserts a [JSON Web Token (JWT)](/cloudflare-one/identity/authorization-cookie/validating-json/) into the HTTP traffic sent to the origin. This token serves as a valuable asset for expanding custom business logic through secure processing. The format for that JWT is deterministic and rather lightweight to avoid overloading the requests towards origin unnecessarily. 
+When a user successfully authenticates and is authorized to access a protected application, Cloudflare inserts a [JSON Web Token (JWT)](/cloudflare-one/identity/authorization-cookie/validating-json/) into the HTTP traffic sent to the origin. This token serves as a valuable asset for expanding custom business logic through secure processing. The format for that JWT is deterministic and rather lightweight to avoid overloading the requests towards origin unnecessarily.
 
 Here is an example of a JWT sent to an origin (use [JWT.io](http://jwt.io) to read the contents of a JWT)
 

src/content/docs/reference-architecture/diagrams/serverless/programmable-platforms.mdx

@@ -60,7 +60,7 @@ For many use cases, it makes sense to retrieve additional metadata, user data, o
 
 ![Figure 3: Workers for Platforms: Egress Control](~/assets/images/reference-architecture/programmable-platforms/programmable-platforms-3.svg "Figure 3: Workers for Platforms: Egress Control")
 
-Data observability and control is crucial for security. [Outbound Workers](/cloudflare-for-platforms/workers-for-platforms/configuration/outbound-workers/) allow for interception of all outgoing requests in User Worker scripts. 
+Data observability and control is crucial for security. [Outbound Workers](/cloudflare-for-platforms/workers-for-platforms/configuration/outbound-workers/) allow for interception of all outgoing requests in User Worker scripts.
 
 1. **Worker Invocation**: Route requests to the appropriate User Worker in the Dispatch Namespace. Optionally pass additional parameters to the Outbound Worker during User Worker invocation.