Upgrade to 3.0.2

kirby/src/Cms/Auth.php

@@ -69,8 +69,8 @@ class Auth
             throw new InvalidArgumentException('Invalid authorization header');
         }
 
-        // only allow basic auth when https is enabled
-        if ($request->ssl() === false) {
+        // only allow basic auth when https is enabled or insecure requests permitted
+        if ($request->ssl() === false && $this->kirby->option('api.allowInsecure', false) !== true) {
             throw new PermissionException('Basic authentication is only allowed over HTTPS');
         }