Description
When using the hosting_deployStaticWebsite tool to upload and deploy a static website (e.g., a simple index.html), the directory permissions on the hosting server are changed, resulting in a 403 Forbidden error when accessing the site.
Steps to Reproduce
- Create a simple static website archive containing
index.html
- Use the
hosting_deployStaticWebsite tool to deploy:
hosting_deployStaticWebsite({
domain: "example.com",
archivePath: "/path/to/website.zip"
})
- Tool reports successful upload and deployment
- Access the website - returns 403 Forbidden
- Check directory permissions via Hostinger file manager or SSH - permissions have been changed
Expected Behavior
After deployment, the website should be accessible with proper permissions (typically 755 for directories, 644 for files).
Actual Behavior
Directory permissions are modified during the deploy process, causing the web server to return 403 Forbidden.
Code Analysis
I traced the code path in server.ts:
handleStaticWebsiteDeploy (line 5127)
→ uploadFile (line 3869) - TUS protocol upload
→ hosting_deployStaticWebsite_triggerDeploy (line 5071)
→ POST /api/hosting/v1/accounts/{username}/websites/{domain}/deploy
The MCP client code does not set any file permissions. The uploadFile function (lines 3869-3956) uses the TUS protocol with these parameters:
const uploadUrlWithFile = `${cleanUploadUrl}/${normalizedPath}?override=true`;
// ...
const upload = new tus.Upload(fileStream, {
uploadUrl: uploadUrlWithFile,
retryDelays: [1000, 2000, 4000, 8000, 16000, 20000],
uploadDataDuringCreation: false,
parallelUploads: 1,
chunkSize: 10485760,
// ...
});The deployment trigger (lines 5071-5125) simply calls:
POST /api/hosting/v1/accounts/{username}/websites/{domain}/deploy
Body: { archive_path: "filename.zip" }No permission-related parameters are sent. The issue appears to be in Hostinger's server-side extraction/deployment process.
Possible Causes
- Server-side extraction - The
/deploy API endpoint may be extracting the archive with incorrect umask or permission settings
- Directory replacement - The deployment may be replacing
public_html with incorrect permissions
- Archive permissions - If archive format preserves Unix permissions (e.g., tar), restrictive source permissions could be carried over
Environment
- Tool:
hosting_deployStaticWebsite
- Archive format: zip
- Content: Simple static HTML files
Workaround
After deployment, manually reset permissions via SSH or file manager:
chmod 755 public_html
chmod 644 public_html/*
Suggested Fix
The server-side /deploy endpoint should ensure proper web-accessible permissions are set after extraction:
- Directories:
755
- Files:
644
Description
When using the
hosting_deployStaticWebsitetool to upload and deploy a static website (e.g., a simpleindex.html), the directory permissions on the hosting server are changed, resulting in a 403 Forbidden error when accessing the site.Steps to Reproduce
index.htmlhosting_deployStaticWebsitetool to deploy:Expected Behavior
After deployment, the website should be accessible with proper permissions (typically
755for directories,644for files).Actual Behavior
Directory permissions are modified during the deploy process, causing the web server to return 403 Forbidden.
Code Analysis
I traced the code path in
server.ts:The MCP client code does not set any file permissions. The
uploadFilefunction (lines 3869-3956) uses the TUS protocol with these parameters:The deployment trigger (lines 5071-5125) simply calls:
No permission-related parameters are sent. The issue appears to be in Hostinger's server-side extraction/deployment process.
Possible Causes
/deployAPI endpoint may be extracting the archive with incorrect umask or permission settingspublic_htmlwith incorrect permissionsEnvironment
hosting_deployStaticWebsiteWorkaround
After deployment, manually reset permissions via SSH or file manager:
chmod 755 public_html chmod 644 public_html/*Suggested Fix
The server-side
/deployendpoint should ensure proper web-accessible permissions are set after extraction:755644