I’d like to password protect my two development versions (“version-test” and one other development version) and leave my live site public.
When I select “Limit access to this app with a username and password”, and “Only apply in development mode”, it password protects my “version-test”, but not the other development version.
I’m not sure whether this is a bug or intended behavior.
Ping on this question. Are we limited to having just one private development branch when our app is public?
Agreed… this is annoying, and slightly odd… being able to password protect one dev version but not others makes no sense…
Did you ever contact Bubble about this issue?
@Bubble
Is there any way to password protect sub development version?
If an unauthorized user knows the URL / name of the sub development version, he/she could access the site that supposed to be accessed by the site developer only.
Great question! The “Only apply in Development mode” setting indeed only applies run-mode protection to the app’s main Development version (when the URL includes /version-test/). When this setting isn’t applied, all of the app’s versions (Live, Development, and extra dev versions) will have run-mode protection enabled.
With that being said, having the ability to enable run mode protection on additional development versions but not the Live version is certainly very good idea. I’ve actually gone ahead and submitted this as a feature request to our Product Management team for further consideration.
I sincerely apologize for the limited information I’m able to provide here, but I hope this adds some clarification!
Thank you so much for your answer! 
My superior told me that there were cases before that the site customer accessed accidentally the additional development version instead of the live version and previously had an order. This is because the development version site is also being displayed as a result on search engines such as Google and Yahoo.
To prevent this issue in the future, also to ensure the extra dev version’s security, I hope that this feature will be added officially. 
Thank you for that. To me this doesn’t seem like an extra feature we are asking for. It seems like it is currently broken. Once an app is taking users, it doesn’t make sense that we can’t restrict users on additional development versions without also disabling our live app.
@erika.fukuda.dn In the meantime, if you have a long-running development version that isn’t named “version-test” you can exclude it from being crawling by search engine bots in the custom robots.txt file in SEO/metatags settings. The settings default to adding “Disallow: /version-test/” for you. You can add “Disallow: /version-whateverthenameis/” on the line below. That might help with the search engine results problem.
@audrey2
Oh, thank you! 
I’ll implement this one, but on which version’s setting should I place this code? On the additional development version’s setting only?
@erika.fukuda.dn I’m sorry that I missed this. I don’t know exactly how the crawlers work but I don’t think it hurts anything to include it in the settings for all versions.
It looks like this was fixed at some point. I’m prompted for a password on both of my development versions now.
