diff --git a/cmd/server/main.go b/cmd/server/main.go
index ebb606a..a776396 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -36,7 +36,6 @@ func main() {
 	router := gin.Default()
 	// read allowedOrigins from environment variable which is a comma separated string
 	allowedOrigins := strings.Split(utils.LoadDotEnv("CORS_ALLOWED_ORIGINS"), ",")
-	allowedOrigins = append(allowedOrigins, "http://localhost*")
 
 	log.Info().Msgf("Allowed origins: %v", allowedOrigins)
 	config := cors.Config{
diff --git a/pkg/orm/utils.go b/pkg/orm/utils.go
index 07ac02d..22290d3 100644
--- a/pkg/orm/utils.go
+++ b/pkg/orm/utils.go
@@ -2,16 +2,19 @@ package orm
 
 import (
 	"context"
-	"dojo-api/db"
-	"dojo-api/utils"
 	"encoding/json"
 	"fmt"
 	"net/url"
 	"os"
+	"runtime"
+	"strconv"
 	"sync"
 	"sync/atomic"
 	"time"
 
+	"dojo-api/db"
+	"dojo-api/utils"
+
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
@@ -214,6 +217,10 @@ func buildPostgresConnString(secrets *DbSecrets) string {
 	dbName := utils.LoadDotEnv("DB_NAME")
 	safePassword := url.QueryEscape(secrets.password)
 	databaseUrl := "postgresql://" + secrets.username + ":" + safePassword + "@" + host + "/" + dbName
+	// add connection pooling etc.
+	maxConns := runtime.NumCPU()*2 + 1
+	databaseUrl += "connection_limit=" + strconv.Itoa(maxConns) + "&pool_timeout=20"
+
 	// hack this so Prisma can read it directly, handle complexities here
 	os.Setenv("DATABASE_URL", databaseUrl)
 	return databaseUrl