Usability issue with Featherwiki

Problem Description

There’s a ~5 minute (300 seconds) timeout that occurs after a wiki page has been loaded that results in a 401 error when the “Save Wiki to Server” button is pressed. If the page is being edited, and edits are pending, they will be lost because a page refresh will not have pending edits saved.

Steps to Reproduce

  1. Open a wiki page
  2. Change to edit mode.
  3. Make a change.
  4. Press “Save Wiki to Server” - “Saved.” notification popup.
  5. Change to edit mode again.
  6. Make another change (but don’t “Save Wiki to Server”)
  7. Wait 300+ seconds
  8. Press “Save Wiki to Server”

Expected Results
Wiki page is saved successfully with all edits.

Actual results

result, notification popup:

Save failed! 401 Unauthorized

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn’t understand how to supply the credentials required.


Apache/2.4.66 (Debian) Server at homenet.net Port 443

Screenshot

Information

  • FreedomBox version: v26.4.1
  • Hardware: Libre Crafts R7
  • How did you install FreedomBox?: ‘bought pre-installed hardware’

Additional Info
The notification error can be layered under some of the edit page UI.

apache-access log of process:

Initial page load, edit\modification and “Save Wiki to Server”:

Mar 16 17:44:50 freedombox apache-access[11535]: fbxserver:443  192.1.1.1 - "" [16/Mar/2026:17:44:50 -0400] "GET /featherwiki/home_network.html?page=email HTTP/2.0" 302 856 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"
Mar 16 17:44:50 freedombox apache-access[11535]: fbxserver:443  192.1.1.1 - - [16/Mar/2026:17:44:50 -0400] "GET /freedombox/apache/discover-idp/?target_link_uri=https%3A%2F%2Fhomenet.net%2Ffeatherwiki%2Fhome_network.html%3Fpage%3Demail&method=get&oidc_callback=https%3A%2F%2Fhomenet.net%2Fapache%2Foidc%2Fcallback&x_csrf=SvQOgPnhAsc HTTP/2.0" 302 752 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"
Mar 16 17:44:50 freedombox apache-access[11535]: fbxserver:443  192.1.1.1 - - [16/Mar/2026:17:44:50 -0400] "GET /apache/oidc/callback?iss=https%3A%2F%2Fhomenet.net%2Ffreedombox%2Fo&target_link_uri=https%3A%2F%2Fhomenet.net%2Ffeatherwiki%2Fhome_network.html%3Fpage%3Demail&method=get&x_csrf=SvQOgPnhAsc&scopes=email+freedombox_groups HTTP/2.0" 302 1458 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"
Mar 16 17:44:50 freedombox apache-access[11535]: fbxserver:443  192.1.1.1 - - [16/Mar/2026:17:44:50 -0400] "GET /freedombox/o/authorize/?response_type=code&scope=openid%20email%20freedombox_groups&client_id=apache&state=-OLqLvqZJhMUFpBkMvXM7wWTwAU&redirect_uri=https%3A%2F%2Fhomenet.net%2Fapache%2Foidc%2Fcallback&nonce=WysIIvI-sCxVDW0PEo7DJ0PSCgRhtE5DX-nRdUvguBM&code_challenge=CDDx6N6tvDTj3XAAbLKKXLT93oypt3Ys9pZdfkENsP4&code_challenge_method=S256 HTTP/2.0" 302 116 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"
Mar 16 17:44:50 freedombox apache-access[11535]: fbxserver:443 fbxserver - - [16/Mar/2026:17:44:50 -0400] "POST /freedombox/o/token/ HTTP/2.0" 200 1261 "-" "[fbxserver:443:11538] mod_auth_openidc-2.4.17 libcurl-8.13.0 openssl-3.5.0"
Mar 16 17:44:50 freedombox apache-access[11535]: fbxserver:443 fbxserver - - [16/Mar/2026:17:44:50 -0400] "GET /freedombox/o/userinfo/ HTTP/2.0" 200 571 "-" "[fbxserver:443:11538] mod_auth_openidc-2.4.17 libcurl-8.13.0 openssl-3.5.0"
Mar 16 17:44:50 freedombox apache-access[11535]: fbxserver:443  192.1.1.1 - wikiuser [16/Mar/2026:17:44:50 -0400] "GET /apache/oidc/callback?code=N16cAGZONkxSqCDynp4wLPucrLAuUp&state=-OLqLvqZJhMUFpBkMvXM7wWTwAU HTTP/2.0" 302 627 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"
Mar 16 17:44:50 freedombox apache-access[11535]: fbxserver:443  192.1.1.1 - wikiuser [16/Mar/2026:17:44:50 -0400] "GET /featherwiki/home_network.html?page=email HTTP/2.0" 200 45639 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"
Mar 16 17:44:50 freedombox apache-access[11535]: fbxserver:443  192.1.1.1 - wikiuser [16/Mar/2026:17:44:50 -0400] "GET /featherwiki/suneditor-replacement.js HTTP/2.0" 200 1025 "https://homenet.net/featherwiki/home_network.html?page=email" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"
Mar 16 17:44:50 freedombox apache-access[11535]: fbxserver:443  192.1.1.1 - wikiuser [16/Mar/2026:17:44:50 -0400] "OPTIONS /featherwiki/home_network.html HTTP/2.0" 200 147 "https://homenet.net/featherwiki/home_network.html?page=email" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"
Mar 16 17:45:03 freedombox apache-access[11535]: fbxserver:443  192.1.1.1 - wikiuser [16/Mar/2026:17:45:03 -0400] "PUT /featherwiki/home_network.html HTTP/2.0" 204 95 "https://homenet.net/featherwiki/home_network.html?page=email" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"

…after 5 minutes, and pressing “Save Wiki to Server”:

Mar 16 17:50:29 freedombox apache-access[11535]: fbxserver:443  192.1.1.1 - - [16/Mar/2026:17:50:29 -0400] "PUT /featherwiki/home_network.html HTTP/2.0" 401 692 "https://homenet.net/featherwiki/home_network.html?page=email" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"

Speculation:

It seems some authentication or authorization token is being expired\dropped or lost to the wiki app. It may also be the case that subsequent “Saves” after the initial successful save may return “Saved.”, but may not have actually saved the new changes. This remains under investigation.

Could this be related to the recent transition to OpenID Connect?

Here’s a formatted & annotated apache-access log, from selecting wiki, thru saving failure.

freedombox.srvr IPv6 address: 2001:2002:47f1:3ff1:c742:6574:dead:beef
wikiuser client machine IPv4 address: 192.168.1.100

selecting wiki (using Misc.html wiki, bc it uses stock editor):
Mar 18 09:30:32 freedombox apache-access[40327]: freedombox.srvr:443 192.168.1.100 - "" [18/Mar/2026:09:30:32 -0400] 
  "GET /featherwiki/Misc.html HTTP/2.0" 
     302 815 "https://freedombox.srvr/featherwiki/" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"

Mar 18 09:30:32 freedombox apache-access[40327]: freedombox.srvr:443 192.168.1.100 - - [18/Mar/2026:09:30:32 -0400] 
  "GET /freedombox/apache/discover-idp/?target_link_uri=https%3A%2F%2Ffreedombox.srvr%2Ffeatherwiki%2FMisc.html&method=get&oidc_callback=https%3A%2F%2Ffreedombox.srvr%2Fapache%2Foidc%2Fcallback&x_csrf=wF1Tkg6QnEU HTTP/2.0" 
     302 736 "https://freedombox.srvr/featherwiki/" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"

Mar 18 09:30:33 freedombox apache-access[40327]: freedombox.srvr:443 192.168.1.100 - - [18/Mar/2026:09:30:32 -0400] 
  "GET /apache/oidc/callback?iss=https%3A%2F%2Ffreedombox.srvr%2Ffreedombox%2Fo&target_link_uri=https%3A%2F%2Ffreedombox.srvr%2Ffeatherwiki%2FMisc.html&method=get&x_csrf=wF1Tkg6QnEU&scopes=email+freedombox_groups HTTP/2.0" 
     302 1438 "https://freedombox.srvr/featherwiki/" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"

Mar 18 09:30:33 freedombox apache-access[40327]: freedombox.srvr:443 192.168.1.100 - - [18/Mar/2026:09:30:33 -0400] 
  "GET /freedombox/o/authorize/?response_type=code&scope=openid%20email%20freedombox_groups&client_id=apache&state=Xv8D_G7kk5zSVt_DgL7-lgxYTAY&redirect_uri=https%3A%2F%2Ffreedombox.srvr%2Fapache%2Foidc%2Fcallback&nonce=tN9Nj3Qdxo4fc9e1hkhn6CXxdWlKIz64FMGvrbFdsxc&code_challenge=iP4WXRt0VfQnkm-QMptxX6c2mHcITX2_5UBhOz6tEyw&code_challenge_method=S256 HTTP/2.0" 
     302 138 "https://freedombox.srvr/featherwiki/" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"

Mar 18 09:30:33 freedombox apache-access[40327]: freedombox.srvr:443 2001:2002:47f1:3ff1:c742:6574:dead:beef - - [18/Mar/2026:09:30:33 -0400] 
  "POST /freedombox/o/token/ HTTP/2.0" 
     200 1261 "-" "[freedombox.srvr:443:40331] mod_auth_openidc-2.4.17 libcurl-8.13.0 openssl-3.5.0"

Mar 18 09:30:33 freedombox apache-access[40327]: freedombox.srvr:443 2001:2002:47f1:3ff1:c742:6574:dead:beef - - [18/Mar/2026:09:30:33 -0400] 
  "GET /freedombox/o/userinfo/ HTTP/2.0" 
     200 571 "-" "[freedombox.srvr:443:40331] mod_auth_openidc-2.4.17 libcurl-8.13.0 openssl-3.5.0"

** for some reason the previous 2 log entries are: a) server-to-server; b) reference the server's IPv6 address ** 


Mar 18 09:30:33 freedombox apache-access[40327]: freedombox.srvr:443 192.168.1.100 - wikiuser [18/Mar/2026:09:30:33 -0400] 
  "GET /apache/oidc/callback?code=PDYf6KfYoWTDTyj0xdz83F8TtrPzdY&state=Xv8D_G7kk5zSVt_DgL7-lgxYTAY HTTP/2.0" 
     302 594 "https://freedombox.srvr/featherwiki/" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"

Mar 18 09:30:33 freedombox apache-access[40327]: freedombox.srvr:443 192.168.1.100 - wikiuser [18/Mar/2026:09:30:33 -0400] 
  "GET /featherwiki/Misc.html HTTP/2.0" 
     200 177523 "https://freedombox.srvr/featherwiki/" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"

Mar 18 09:30:33 freedombox apache-access[40327]: freedombox.srvr:443 192.168.1.100 - wikiuser [18/Mar/2026:09:30:33 -0400] 
  "OPTIONS /featherwiki/Misc.html HTTP/2.0" 
     200 147 "https://freedombox.srvr/featherwiki/Misc.html" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"

** the previous 3 log entries now log a user field:  wikiuser ** 

Saving (1st save):
Mar 18 09:34:21 freedombox apache-access[40327]: freedombox.srvr:443 192.168.1.100 - wikiuser [18/Mar/2026:09:34:21 -0400] 
  "PUT /featherwiki/Misc.html HTTP/2.0" 
     204 253 "https://freedombox.srvr/featherwiki/Misc.html?page=92-hvac" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"

** entry includes user field:  wikiuser  **

Save after 300+ seconds:
Mar 18 09:43:16 freedombox apache-access[40327]: freedombox.srvr:443 192.168.1.100 - - [18/Mar/2026:09:43:16 -0400] 
  "PUT /featherwiki/Misc.html HTTP/2.0" 
     401 692 "https://freedombox.srvr/featherwiki/Misc.html?page=92-hvac" "Mozilla/5.0 (X11; Linux x86_64; rv:146.0) Gecko/20100101 Firefox/146.0"

** entry DOES NOT include a user field  **

Is a user session token of some kind expiring? The error message complains of “wrong credentials”.

A fix is now available: I Challenge Thee

You can also temporarily fix this issue as follows:

Create file /etc/apache2/conf-available/myfix.conf:

OIDCSessionInactivityTimeout 36000
OIDCSessionMaxDuration 0

Then run the following commands:

a2enconf myfix
systemctl restart apache2
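
The pattern in the annotated log above (a client that was logged as wikiuser, then sends a write with no user field and receives a 401 after the idle window) can be checked for mechanically. The following Python sketch is an added example, not part of the thread or of FreedomBox; the function name, the 300-second default taken from the report, and the shortened sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: shortened copies of the entries quoted in the thread,
# plus one client (192.168.1.101) that never authenticated.
SAMPLE = '''\
freedombox.srvr:443 192.168.1.100 - wikiuser [18/Mar/2026:09:30:33 -0400] "GET /featherwiki/Misc.html HTTP/2.0" 200 177523
freedombox.srvr:443 192.168.1.100 - wikiuser [18/Mar/2026:09:34:21 -0400] "PUT /featherwiki/Misc.html HTTP/2.0" 204 253
freedombox.srvr:443 192.168.1.100 - - [18/Mar/2026:09:43:16 -0400] "PUT /featherwiki/Misc.html HTTP/2.0" 401 692
freedombox.srvr:443 192.168.1.101 - - [18/Mar/2026:09:44:00 -0400] "PUT /featherwiki/Misc.html HTTP/2.0" 401 692
'''

# vhost, client, ident, user, [time], "method path proto", status.
# search() is used so a leading syslog prefix on each line is tolerated.
LINE = re.compile(
    r'(?P<vhost>\S+)\s+(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')


def expired_session_writes(log_text, idle_limit=300):
    """Return 401s sent to a client whose last authenticated request was
    more than idle_limit seconds earlier (session likely timed out)."""
    last_auth = {}   # client address -> (user, time of last authenticated hit)
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        when = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        client, user = m['client'], m['user']
        if user not in ('-', '""'):
            # Request carried an authenticated user: refresh the idle clock.
            last_auth[client] = (user, when)
        elif m['status'] == '401' and client in last_auth:
            prev_user, prev_when = last_auth[client]
            idle = int((when - prev_when).total_seconds())
            if idle > idle_limit:
                findings.append((client, prev_user, m['method'], m['path'], idle))
    return findings


if __name__ == '__main__':
    for hit in expired_session_writes(SAMPLE):
        print('session expired before write:', hit)
```

A 401 from a client that never authenticated is left out on purpose, so the output separates idle-session expiry from ordinary unauthenticated requests.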