diff --git a/app.js b/app.js
index 712c072..a5a030b 100644
--- a/app.js
+++ b/app.js
@@ -81,7 +81,10 @@ module.exports = () => {
 	// Allowing headers
 	app.use((req, res, next) => {
 		let origin = req.headers.origin;
-		if (ALLOWED_ORIGINS.includes(origin) || ALLOWED_ORIGINS[1].test(origin))
+		if (
+			ALLOWED_ORIGINS.includes(origin) ||
+			(ALLOWED_ORIGINS[2] && ALLOWED_ORIGINS[2].test(origin))
+		)
 			res.header("Access-Control-Allow-Origin", origin);
 		res.header(
 			"Access-Control-Allow-Headers",
diff --git a/config/index.js b/config/index.js
index 4d66aff..587a2f1 100644
--- a/config/index.js
+++ b/config/index.js
@@ -26,10 +26,12 @@ module.exports = {
 	AVATAR_URL: process.env.AVATAR_URL,
 	GET_BIRTHDAYS_PROCESS_SECRET: process.env.GET_BIRTHDAYS_PROCESS_SECRET,
 	SENTRY_DSN: process.env.SENTRY_DSN,
-	ALLOWED_ORIGINS: [
-		"https://portal.dsckiet.com",
-		"http://localhost:3000",
-		"https://dsckiet-admin.netlify.app",
-		/[^.\s]+deploy\-preview\-([\d]{1,})--dsckiet-admin\.netlify\.app/
-	]
+	ALLOWED_ORIGINS:
+		process.env.NODE_ENV === "production"
+			? ["https://portal.dsckiet.com"]
+			: [
+					"http://localhost:3000",
+					"https://dsckiet-admin.netlify.app",
+					/[^.\s]+deploy\-preview\-([\d]{1,})--dsckiet-admin\.netlify\.app/
+			  ]
 };
diff --git a/controllers/users_controller.js b/controllers/users_controller.js
index e3e7da9..b918f92 100644
--- a/controllers/users_controller.js
+++ b/controllers/users_controller.js
@@ -286,6 +286,7 @@ module.exports.deleteUser = async (req, res) => {
 		let key = `${user.image.split("/")[3]}/${user.image.split("/")[4]}`;
 		await deleteImage(key);
 	}
+	await Todo.deleteMany({ uid });
 	setToken(uid, "delete");
 	return sendSuccess(res, null);
 };