– Cookies & HTTPS
  – The NextAuth cookie is configured as non-secure for localhost. Use HTTPS in production, and adjust the cookie's security options if you harden the settings.
– Images
  – `next.config.ts` allows remote images from `res.cloudinary.com`.
– Webhooks
  – Ensure `/api/stripe/webhook` is publicly reachable and that the correct `STRIPE_WEBHOOK_SECRET` is set.
– Database
  – Run `npx prisma migrate deploy` on each deploy to apply migrations.