– Cookies & HTTPS
– The NextAuth cookie is configured as non-secure for localhost. Use HTTPS in production, and update the cookie's security options (such as the Secure flag) if you harden settings.
– Images
– next.config.ts allows remote images from res.cloudinary.com.
– Webhooks
– Ensure /api/stripe/webhook is reachable publicly and the correct STRIPE_WEBHOOK_SECRET is set.
– Database
– Run npx prisma migrate deploy on each deploy to apply migrations.