I’ve been testing my sites out with the WP 5.6 RC2 release (using the staging version of each site). Some background: All my staging sites are protected with site wide basic auth so only my team and myself can access them.
Anyway, on one particular site I’ve noticed that when I submit a contact form (provided by the Contact Form 7 plugin) as an anonymous user I get a 401 invalid_username response. This seems to be due to the rest api using the info in my basic auth header for an application password (it doesn’t even make it to the Contact Form 7’s API route before failing). Is there a way to stop application passwords from automatically using the basic auth information or do I have to disable application passwords entirely?