If you are using a local development server, it will most probably use http and not https.

For security reasons, the Scrivito UI at edit.scrivito.com is only available on https. With most browsers, you will see a warning or an error concerning ‘‘mixed content’’ or ‘‘insecure content’’ if you access a location using both https and http.

You can resolve this by instructing your browser to allow edit.scrivito.com to access your development server. In Chrome, it just takes a few clicks to enable access to the unencrypted content from your development server. There is a good description of how this can be achieved on howtogeek.com.

Note that using http is safe for a local development server. In this environment, encryption is unnecessary since the traffic between your local server and your local browser never leaves your machine. However, when accessing a remote website, we strongly advise you to always use https.

Alternatively, you can, of course, also change your local development setup so that it uses https (e.g. using a self-signed certificate). As an example, take a look at how to run the webpack DevServer with https.