From 020c537c03b9f9dd1ca6cc2e6c2da9fb5da860c9 Mon Sep 17 00:00:00 2001
From: Rossen Stoyanchev <rstoyanchev@pivotal.io>
Date: Mon, 21 Jan 2019 09:47:30 -0500
Subject: [PATCH] Add note to CorsFilter section

Fixes #19841
---
 src/docs/asciidoc/web/webflux-cors.adoc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/docs/asciidoc/web/webflux-cors.adoc b/src/docs/asciidoc/web/webflux-cors.adoc
index 66d6e738d47..d981d41d2a9 100644
--- a/src/docs/asciidoc/web/webflux-cors.adoc
+++ b/src/docs/asciidoc/web/webflux-cors.adoc
@@ -233,6 +233,11 @@ You can apply CORS support through the built-in
 {api-spring-framework}/web/cors/reactive/CorsWebFilter.html[`CorsWebFilter`], which is a
 good fit with <<webflux-fn,functional endpoints>>.
 
+NOTE: If you try to use the `CorsFilter` with Spring Security, keep in mind that Spring
+Security has
+https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#cors[built-in support]
+for CORS.
+
 To configure the filter, you can declare a `CorsWebFilter` bean and pass a
 `CorsConfigurationSource` to its constructor, as the following example shows: