[API Shield] SV2 OAS support map (#16994)

* oas support map

* space

* hl fix

* space again

* pcx review

src/content/docs/api-shield/security/schema-validation/index.mdx

@@ -155,10 +155,95 @@ OpenAPI schemas generated by different tooling may not be specific enough to imp
 
 ## Limitations
 
-Currently, API Shield cannot validate some features of API schemas, including the following: all responses, external references, non-basic path templating, or unique items.
+Schema Validation supports [OpenAPI Version 3.0.x schemas](https://spec.openapis.org/oas/v3.0.3). OpenAPI 3.1 is not supported yet, and we do not plan to expand support for OpenAPI 2.0. 
+
+Currently, API Shield does not support some features of API schemas, including the following: all responses, external references, non-basic path templating, or unique items.
 
 There is a limit of 10,000 total operations for enabled schemas.
 
+### Required fields
+
+Although not strictly required by the OpenAPI specification, Schema Validation strictly requires these fields.
+
+#### `schema`
+
+- [`type`](https://spec.openapis.org/oas/v3.0.3#schema-object)
+   - All schemas require a type to be set. If the specific type is not supported by Schema Validation, it is usually best to simply set the type to `string` instead.
+
+#### `parameter`
+
+- [`schema`](https://spec.openapis.org/oas/v3.0.3#schema-object)
+   - Schema Validation does not support the content field in parameters. For more details, refer to the [notes on validated and supported fields](#notes-on-validated-and-supported-fields) below. Instead, a schema is strictly required on all parameters objects.
+
+### Notes on validated and supported fields
+
+Refer to the information below for more details on Schema Validation's current support for various OpenAPI specification (OAS) objects and fields.
+
+#### `servers`
+
+- [`url`](https://spec.openapis.org/oas/v3.0.3#server-object)
+   - Schema Validation does not support relative URLs.
+- [`variables`](https://spec.openapis.org/oas/v3.0.3#server-variable-object)
+   - Server variables are not validated.
+
+#### `parameter`
+
+- [`style`](https://spec.openapis.org/oas/v3.0.3#parameter-object)
+   - Only the default values are supported: `"simple"` (path or header parameters) and `"form"` (query or cookie parameters).
+- [`explode`](https://spec.openapis.org/oas/v3.0.3#parameter-object)
+   - Only the default values are supported: `true` (for form) and `false` (for simple).
+- [`content`](https://spec.openapis.org/oas/v3.0.3#parameter-object)
+   - The content field is not supported in parameters. Use the schema field instead.
+- [`type`](https://spec.openapis.org/oas/v3.0.3#parameter-object)
+   - Cloudflare currently does not validate object type parameters.
+
+#### `reference`
+
+- [`$ref`](https://spec.openapis.org/oas/v3.0.3#reference-object)
+   - External or relative references are not supported.
+
+#### `requestBody`
+
+- `content`
+   - [Request Body Object](https://spec.openapis.org/oas/v3.0.3#request-body-object)
+   - [Media Type Object](https://spec.openapis.org/oas/v3.0.3#media-type-object)
+      - Schema Validation is able to validate `application/json` documents. If a given schema allows other content types, Schema Validation will accept those requests without validation.
+
+#### `parameter/schema`
+
+- `anyOf`
+   - [Parameter Object](https://spec.openapis.org/oas/v3.0.3#parameter-object)
+   - [Schema Object](https://spec.openapis.org/oas/v3.0.3#schema-object)
+      - `anyOf` schemas are currently not supported in parameter schemas.
+
+#### `schema`
+
+- [`format`](https://spec.openapis.org/oas/v3.0.3#schema-object)
+   - Validated formats:
+     - `date-time`
+     - `time`
+     - `date`
+     - `email`
+     - `hostname`
+     - `ipv4`
+     - `ipv6`
+     - `uri`
+     - `uri-reference`
+     - `iri`
+     - `iri-reference`
+     - `int32`
+     - `int64`
+     - `float`
+     - `double`
+     - `password`
+     - `uuid`
+   - Soon to be validated formats:
+     - `byte`
+     - `uint64`
+
+- [`uniqueItems`](https://spec.openapis.org/oas/v3.0.3#schema-object)
+   - This field is currently not validated by Schema Validation.
+
 ## Body inspection
 
 API Shield has the ability to identify body specifications contained in uploaded schemas and validate that the data of incoming API requests adheres to them.