From 8be13cb67dd17ea01ff77360980db4b0ed705596 Mon Sep 17 00:00:00 2001
From: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
Date: Wed, 10 Mar 2021 09:46:20 -1000
Subject: [PATCH] Update cors.md (#21746)

* Update cors.md

* Update cors.md
---
 aspnetcore/security/cors.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aspnetcore/security/cors.md b/aspnetcore/security/cors.md
index b845d60d2d..10afece452 100644
--- a/aspnetcore/security/cors.md
+++ b/aspnetcore/security/cors.md
@@ -54,7 +54,7 @@ There are three ways to enable CORS:
 Using the [[EnableCors]](#attr) attribute with a named policy provides the finest control in limiting endpoints that support CORS.
 
 > [!WARNING]
-> <xref:Owin.CorsExtensions.UseCors%2A> must be called before <xref:Microsoft.AspNetCore.Builder.ResponseCachingExtensions.UseResponseCaching%2A> when using `UseResponseCaching`.
+> <xref:Owin.CorsExtensions.UseCors%2A> must be called in the correct order. For more information, see [Middleware order](xref:fundamentals/middleware/index#middleware-order). For example, `UseCors` must be called before <xref:Microsoft.AspNetCore.Builder.ResponseCachingExtensions.UseResponseCaching%2A> when using `UseResponseCaching`.
 
 Each approach is detailed in the following sections.