I ran into a unique situation where I needed to load the tinyMCE richtext editor outside the webtop in a Farcry 6 site. I was developing a forum script where users who logged in (but did not have webtop admin permissions) were able to post simple forum messages. The code for that looked like this:
<ft:object objectid="" typename="tfMessage" lfields="title,message" lhiddenFields="" legend="Forum Message" />
<ft:button value="Save" color="orange" />
<ft:button value="Cancel" validate="false" />
The "message" field was the one in question. Whenever I was logged into the forum as a user with webtop permissions, the rich text editor loaded up just fine. However, when using a user that did not have webtop permissions, it failed again and again. I eventually tracked the code down to a file being called (/webtop/thirdparty/tiny_mce/tiny_mce_gzip.cfm) which loads up gzipped .js files needed for the editor. Even attempting to call this file triggered webtop security and a redirect to the login page, so rather than loading a script as was expected, it was loading up the login page via an ajax call and the editor errored out, leaving just the textarea.
My fix is undocumented in farcry and may not be the best fix for the situation but was the only one I could come up with for this. The webtop's Application.cfc file sets up a request scope and then checks security. Before checking security it ends up calling the projects _serverSpecificRequestScope.cfm file. So, here's the fix:
In /webtop/Application.cfc, add these lines to the OnRequestStart method toward the top:
<!--- Param override security to false --->
<cfset request.fc.overrideWebtopSecurity = false />
Then, change the following line (26 in my file):
<cfif not findNoCase( "login.cfm", cgi.script_name )>
<cfif not findNoCase( "login.cfm", cgi.script_name ) AND NOT request.fc.overrideWebtopSecurity>
By default this will do nothing. However, this gives you the ability to override webtop security for certain files as needed. In _serverSpecificRequestScope.cfm, add the following lines:
<cfset request.fc.overridewebtopsecurity = true />
Now you have overridden the security in the webtop for this single file, allowing the richtext editor to be displayed outside the webtop. I emailed the farcry-dev list asking that this be included in a future version. Not sure if that will happen or not but I'm hopeful.