Hixie added CORS support to the EventSource spec. It definitely sounds like something we should implement. It should be relatively easy now that we've refactored the CORS code for img@crossorigin.
Perhaps this bug should be marked as a duplicate of http://webkit.org/b/61862.
*** This bug has been marked as a duplicate of bug 61862 ***