I guess you are referencing Andre Fischer's comment that "CORS is not supported by the SAP NetWeaver stack. You would have to use a reverse proxy instead."
Is it possible to drop down to the Apache configuration level and configure CORS behavior by doing the following?
- Disabling authentication on OPTIONS using <LimitExcept> (see http://serverfault.com/questions/684855/disable-authentication-for-http-options-method-preflight-request).
- Adding a custom Response Header that inserts the Access-Control-Allow-Origin header (see http://alextsilverstein.com/programming-and-development/quick-apache-tip-add-a-custom-http-response-header/).