From 90acc357923f9010e68ffab7a2472163b6133d86 Mon Sep 17 00:00:00 2001
From: Jennie Robinson Faber <jennie@jenniefaber.com>
Date: Wed, 29 Apr 2026 21:00:22 +0100
Subject: [PATCH] fix(helcim): always issue payment-bridge cookie on signup

Free ($0) signups need the same short-lived bridge cookie as paid signups
so /api/helcim/subscription can identify the member during activation
without a verified auth session. Drops the contributionAmount > 0 guard
that broke free-tier activation in the same flow.
---
 server/api/helcim/customer.post.js | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/server/api/helcim/customer.post.js b/server/api/helcim/customer.post.js
index 3382b7f..d0fc95d 100644
--- a/server/api/helcim/customer.post.js
+++ b/server/api/helcim/customer.post.js
@@ -88,12 +88,11 @@ export default defineEventHandler(async (event) => {
       member
     })
 
-    // Paid-tier signups need to complete Helcim checkout in the same tab
-    // before the magic link can be clicked. Issue a short-lived, payment-only
-    // bridge cookie so /api/helcim/initialize-payment accepts the request.
-    if (body.contributionAmount > 0) {
-      setPaymentBridgeCookie(event, member)
-    }
+    // Signup completes (paid checkout or free activation) before the magic
+    // link is clicked, so issue a short-lived, payment-only bridge cookie
+    // that lets /api/helcim/initialize-payment and /api/helcim/subscription
+    // identify the member without a verified auth session.
+    setPaymentBridgeCookie(event, member)
 
     return {
       success: true,