Currently OPTIONS requests on resources are not handled by Spring Data REST.
Firefox and Chrome will send an OPTIONS request to a resource if it is on another domain to evaluate the Access-Control-Allow-* headers. Those headers can be set with a filter in a Spring web environment, but since Spring Data REST does not register a handler method for OPTIONS that does not really help.
You might wanna have a look at the discussion in SPR-9278. It basically demonstrates how to implement it currently. Using a filter has the advantage that the controller doesn't have to expose a mapping for OPTIONS to make this work in the first place.
However, I am in the process of adding support for OPTIONS according to the general HTTP spec for the controllers we expose
I've implemented OPTIONS handlers for the root resource, collection and item resources as well as the search resource and query method resources. That in place should allow you to write a filter that handle CORS request correctly, right?