Latest android Joplin began to fail WebDav synchronization

Today Android version 1.0.308 began to fail to synchronize saying “unauthorized”:

PROPFIND .lock: Unknown error 2 (401): <!DOCTYPE…

Credentials are fine, I did not change anything in settings, but I remember upgrading android app at morning, nothing else was changed. Linux version 1.0.167 and terminal version 1.0.146 are still synchronizing just fine.

WebDav server logs during android’s version sync: - rm-joplin [14/Oct/2019:13:18:44 +0300] "MKCOL /rm-joplin/.sync/ HTTP/1.0" 405 299 "-" "okhttp/3.12.1" - rm-joplin [14/Oct/2019:13:18:45 +0300] "MKCOL /rm-joplin/.lock/ HTTP/1.0" 405 299 "-" "okhttp/3.12.1" - rm-joplin [14/Oct/2019:13:18:45 +0300] "MKCOL /rm-joplin/.resource/ HTTP/1.0" 405 299 "-" "okhttp/3.12.1" - rm-joplin [14/Oct/2019:13:18:45 +0300] "PROPFIND /rm-joplin/.lock HTTP/1.0" 301 322 "-" "okhttp/3.12.1" - - [14/Oct/2019:13:18:45 +0300] "PROPFIND /rm-joplin/.lock/ HTTP/1.0" 401 458 "-" "okhttp/3.12.1" - rm-joplin [14/Oct/2019:13:18:49 +0300] "PROPFIND /rm-joplin/.lock HTTP/1.0" 301 322 "-" "okhttp/3.12.1" - - [14/Oct/2019:13:18:49 +0300] "PROPFIND /rm-joplin/.lock/ HTTP/1.0" 401 458 "-" "okhttp/3.12.1" - rm-joplin [14/Oct/2019:13:18:56 +0300] "PROPFIND /rm-joplin/.lock HTTP/1.0" 301 322 "-" "okhttp/3.12.1" - - [14/Oct/2019:13:18:56 +0300] "PROPFIND /rm-joplin/.lock/ HTTP/1.0" 401 458 "-" "okhttp/3.12.1" - rm-joplin [14/Oct/2019:13:19:06 +0300] "PROPFIND /rm-joplin/.lock HTTP/1.0" 301 322 "-" "okhttp/3.12.1" - - [14/Oct/2019:13:19:07 +0300] "PROPFIND /rm-joplin/.lock/ HTTP/1.0" 401 458 "-" "okhttp/3.12.1"

Then it times out with “Unauthorized” message. But according to apache’s logs basic auth 100% passed.

Android app log:

10-14T12:49:30,10,"""Error: PROPFIND .lock: Unknown error 2 (401): <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<title>401 Unauthorized</title>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<address>Apache/2.4.41 (Unix) Server at xxx Port 80</address>

Code: 401
construct@[native code]
callImmediates@[native code]
value@[native code]
value@[native code]""

Joplin needs permissions to create sub-directories within its directory so you might have to change permission settings somewhere to allow this.

Where to look for permissions and why it worked fine in previous version without them? It looks like horrible bug if app needs new permissions but does not request it…

Just checked Joplin’s application entry in android menu, it has three permissions – camera, location and memory. All three are enabled.

BTW, “Check synchronization configuration” button works.

Restored 1.0.307 from my nightly Titanium Backups, app + data. It works perfectly.

Something is broken in 1.0.308 version.

Failing also on Android version 1.0.310.
But I remember I have upgraded 4 days ago but just today this issue occurred for me.
The only difference - I’m aware of - is an update of already existing note.

I’m running docker image of apache+web_dav module and as reverse proxy + TLS terminator I’m running nginx.

What’s strange:

  • backend apache reports 301 for PROPFIND /.lock
  • nginx frontend reports 405 for PROPFIND /.lock
    anyway, other resources sync continues without the issue. Just the updated note is still old version on Android.

Maybe this issue was even before but I just didn’t update notes only added new ones, don’t remember…

Where I can find older mobile versions?

Have found older version at:

Uninstalled 1.0.310, installed 1.0.307 just to realized I have lost all my data on the phone.

Is there any way the Joplin mobile app could use some my custom folder and not unknown location I cannot copy before such activities?

1.0.310 did not fix the issue. Any ideas how to debug this issue further? My wife accidentally upgraded her Joplin and now she can’t sync. I’m still using 1.0.307, it syncs with the same server just fine as well as desktop and command line versions.

Installed 1.0.307 yesterday, run full sync during night (as uninstall of 1.0.310 removed all local notes on phone).

Now I’m checking HTTP requests during phone app sync.

Among ordinary GETs there are webdav specific requests.
1.0.310 is sending:

MKCOL /.sync/
MKCOL /.lock/
MKCOL /.resource/
PROPFIND /.lock/

1.0.307 is sending:

MKCOL /.sync/
MKCOL /.resource/

MKCOL is always failing with 405 but it’s fine as it tries to create directory and fails if exist already. It works as expected.

But PROPFIND /.lock is causing all issues. PROPFIND / is working fine.
The webdav backend (in my case apache+mod_dav) sends 301 for PROPFIND /.lock that is catched by reverse proxy (nginx in my case) and sending 405 to the client.

What I don’t understand is 301 code sent by my webdav server. By webdav specification, PROPFIND should return only codes 200, 403 and 404.
Or - if multiple objects was requested - code 207 and then in XML response there are codes 200/403/404 for each particular object.
Definitely have no idea why webdav server sends 301 for PROPFIND /.lock - I have default apache+mod_dav config from downloaded docker image from


@Rado1, your server redirects .lock to .lock/, which is useless, but it does it anyway. This causes an issue in Joplin (in iOS for sure but maybe in Android) too because when a request is redirected, the underlying network stack doesn’t forward the auth headers.

You might want to try the latest version 311, which fetches .lock/ directly, to see it solves your problem:

Interesting, my setup is almost the same – basic apache+webdav server and nginx frontend for SSL in two LXD containers. My apache and webdav are almost default from alpine linux image.

Many thanks. Will try version 311 this evening.
Anyway, I will try to remove this redirection on apache level as well (to avoid any issues in the future…)

Just tried 1.0.311, it works now. Thanks. Please, push this to the market.

1.0.311 works too for me.