I have a case where I want the website to be live, but password-protected. Simply put, there are Facebook-related operations that do not play nicely with a local setup. Unfortunately, the radio app I’ve been developing will not play this music because the music is behind a password-protected folder. More specifically, mediaelement.js will not load the file since it cannot see if for whatever reason – probably security-related.

To get around this, I placed a .htaccess file in the subfolder in question. In the .htaccess file, I added one line:

Require all granted

I will keep this around during development, but remove it when the site goes live.  Thanks to the response to StackOverflow.