CF7 working without WordPress REST API?

Hello.

I was having issues with Contact Form 7 because I was having a security plugin and configured it to block the WordPress REST API accesses for non logged in users.
This was causing troubles for the form to be sent, because I see that Contact Form 7 uses the REST API to send the form.

Is there a way to use CF7 without the REST API and just with sending the form to a classic page, maybe through an option in the plugin?

If not, would it be possible to add this option?

The reason is that I would prefer to close this REST API access as it is a source of supplementary security hole.
Using the REST API, it is like saying “Hey Apache, I don’t like your security measures to serve pages, I want wordpress to handle all security for accessing the site”. So the security level is transferred to the WordPress REST API rather than based on Apache settings, htaccess and so on.
Although it can be a good choice, it would be good to have an option that would allow to use normal pages for submitting, so that we can close this REST API, which for me is only needed for CF7.

Also, I think this test should be made in the check system that you implemented and that allows to tell if there is an error somewhere in the setup. Just checking that this REST URL is accessible from a non-logged in users could help overcome many issues with the form (I don’t know how you can test that from within the plugin as non-logged user as we need to be admin and hence logged in).

You can use AIO WP Security plugin to do those tests to block the REST api for non logged in users.