JAX-RS users should ask how they can handle CORS if the need arises. The answer to this question is that while most JAX-RS providers may not yet support CORS out of the box, it is pretty easy to handle this yourself using JAX-RS 2 server-side filters. Max Lam does a very nice job showing you how in a code-intensive blog entry. The entry is actually a nice demonstration of JAX-RS 2 filters in action in the real world.
Perhaps JAX-RS 2.1 could explore built-in CORS support as a possibility?