Yesterday I had a conversation with our specialists. In short, they continue to view the implementation of custom widgets on the public cloud critically, even increasingly critically for security reasons. 

The background: the implementation of the widgets contradicts the "Same-Origin-Policy (SOP)" and would then be leveraged by "Cross-Origin Resource Sharing (CORS)". 

This raises the question of the extent to which DS supports CORS and how DS generally addresses this issue on the public cloud.