To make the Login redirect request more secure if OX runs in insecure mode the IP check for that request can be enabled by a separate switch.

The following option is added to

/opt/open-xchange/etc/groupware/login.properties:

# This option has only an effect if com.openexchange.ajax.login.insecure is configured to true.
# This option allows to enable the IP check for /ajax/login?action=redirect requests. This request is mostly used to create a session
# without using the OX web UI login screen. The previous behavior allowed to change the IP for this request. Configure this option to false
# to have an IP check during this request. Additionally you can white list IP addresses from that an IP change is still allowed. This is
# useful if other systems in the infrastructure around OX want to create the session.
com.openexchange.ajax.login.redirect.changeIPAllow ed=true