At present there is no way to use CORS to allow cross domain GWT RPC calls. The only way to do CORS is to do JSON and roll-it-yourself RPC solutions. There needs to be either a mechanism that allows the overriding GWT rpc class to add the header "Access-Control-Allow-Origin" or some sort of more specific method with granular control such as RemoteServiceServlet.addAllowedDomain(String domain) that would do this for the class user.

It would be trivial to add if the class could be meaningfully subclasses as well (in a way that allows the user to override doPost for example).

YOu can provide the RequestBuilder to GWT RPC and set custom urls fine.