In Apache Airflow < 1.10.12, the «origin» parameter passed to some of the endpoints like ‘/trigger’ was vulnerable to XSS exploit.
