update bypass localhost HTTPS security issues for Edge browser

CONTRIBUTING.md

@@ -60,6 +60,28 @@ Warning: Cannot update during an existing state transition (such as within `rend
 
 You can safely ignore these -- those won't show up to users on the production site.
 
+## Bypassing localhost HTTPS security issues
+
+For testing in the web browser (whether standalone or in Office Online) in Chrome, you can bypass the "insecure localhost" by enabling this setting: <chrome://flags/#allow-insecure-localhost>
+
+For testing on a PC version of Office, you _could_ trust the certificates from within Internet Explorer. However, new certs get generated every time that you run `npm run start`, so trusting them over and over again is tedious. If you're only interested in making changes to code that runs inside the taskpanes (which is what you will be doing 99% of the time for any Editor/Runner changes, unless you're debugging something to do with "functions.html" and the other ribbon buttons), you can just click through the "This site is not secure" warning and choose "Go on to the website (not recommended)" option.
+
+![Proceed through "This site is not secure"](.github/images/site-not-secure.png).
+
+If you _do_ need to trust the certificates, see below for a step-by-step animation. But be aware that you'll keep having to repeat these steps... The sites you'd need to trust are <https://localhost:3000> (editor) and <https://localhost:3200> (runner).
+
+![Trust SLL instructions](.github/images/trust-ssl-internet-explorer.gif).
+
+## Bypassing localhost HTTPS security issues 2
+
+The method above might not work on current Edge browsers, you can have a try on the following way:
+
+![Not secure for Edge browser](.github/images/NotSecureForEdge.png).
+1. click the "Not secure" assert and export the insecure certificate from localhost
+2. install the certificate downloaded on your station
+3. restart your local station and refresh the localhost web
+4. If still doesn't work, please have a try again. Not that the duration for this installed certificate is one month.
+
 ## Testing inside of an add-in
 
 The **easiest** option is to install the **Store** version of the add-in (get it from <https://aka.ms/getscriptlab>). Then, using the dropdown on bottom left when in the Settings mode, switch to alpha -- and **from alpha, to localhost**. Note that the localhost option will only show up if you're in alpha (or already on localhost). The steps are akin to what's [described in the README](README.md#2017) for switching to Script Lab 2017, except choosing "Alpha" and then "localhost:3000" instead.