fix(security): Secure ALLOWED_HOSTS configuration. Closes #925

[chauhan-varun]

Description

Make ALLOWED_HOSTS configurable via the DJANGO_ALLOWED_HOSTS environment variable (comma-separated) instead of hardcoding ["*"]. Falls back to ["*"] for backward compatibility so no existing instance breaks, but logs a WARNING in production (DEBUG=False) when the variable is not set. Also registers a Django System Check (greedybear.W001) that flags the wildcard when running manage.py check --deploy.

Related issues

Closes #925

Type of change

• Bug fix (non-breaking change which fixes an issue).
• New feature (non-breaking change which adds functionality).
• Breaking change (fix or feature that would cause existing functionality to not work as expected).
• Chore (refactoring, dependency updates, CI/CD changes, code cleanup, docs-only changes).

Screenshots

1. Warning log when DJANGO_ALLOWED_HOSTS is not set (production mode)

2. Django deploy check (greedybear.W001)

3. With DJANGO_ALLOWED_HOSTS set (no warning)

Checklist

Formalities

• I have read and understood the rules about how to Contribute to this project.
• I chose an appropriate title for the pull request in the form: <feature name>. Closes #999
• My branch is based on develop.
• The pull request is for the branch develop.
• I have reviewed and verified any LLM-generated code included in this PR.

Docs and tests

• I documented my code changes with docstrings and/or comments.
• I have checked if my changes affect user-facing behavior that is described in the docs. If so, I also created a pull request in the docs repository.
• Linter (Ruff) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.
• I have added tests for the feature/bug I solved.
• All the tests gave 0 errors.

GUI changes

No GUI changes.

[chauhan-varun]

@regulartim please review the PR

[regulartim]

Looks good, all in all! 👍

[regulartim]

Hey @chauhan-varun ! Looks good, thanks! :)