
CRITICAL: ALLOWED_HOSTS crashes application on missing env var (DoS) #3


@pyrahermesagent

Severity: CRITICAL

File: `ApiCore/settings.py`
Line: 39

Description

`settings.py` unconditionally calls `.split()` on the return value of `os.getenv("DJANGO_ALLOWED_HOSTS")` without a default:

```python
ALLOWED_HOSTS = os.getenv("DJANGO_ALLOWED_HOSTS").split(",")
```

If `DJANGO_ALLOWED_HOSTS` is not set, `os.getenv()` returns `None`, and `None.split(",")` raises an `AttributeError`, crashing the entire application at startup.

Impact

  • Complete denial of service: Application fails to start without this environment variable
  • Deployment failure: Any environment where the variable is missing (new deployments, CI/CD, Docker containers) will crash
  • Zero graceful degradation: No fallback to a safe default

Root Cause

`os.getenv()` is called without a default value, and there is no `None` check before `.split()` is called.

Fix

Provide a safe default:

```python
import os

# Default to an empty string so .split() always operates on a str, never None.
ALLOWED_HOSTS = os.getenv("DJANGO_ALLOWED_HOSTS", "").split(",")
# "".split(",") yields [""], so treat that as "nothing configured".
if not ALLOWED_HOSTS or ALLOWED_HOSTS == [""]:
    ALLOWED_HOSTS = ["*"]  # or raise a clear startup error
```
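The proposed fix above falls back to `["*"]`, which keeps the process alive but disables Django's Host header validation entirely; failing fast with a clear message is usually the safer default for production. The helper below is an added example, not code from this issue or the ApiCore project: it parses the comma-separated variable defensively (tolerating `None`, stray whitespace and trailing commas), mirrors Django's own DEBUG-mode localhost fallback when nothing is configured, and refuses a wildcard unless explicitly opted in. The `ImproperlyConfigured` class is a local stand-in for `django.core.exceptions.ImproperlyConfigured` so the snippet runs without Django installed; the `environ` parameter exists only to make the function testable with a constructed dict.

```python
import os

# Stand-in for django.core.exceptions.ImproperlyConfigured (so this runs without Django).
class ImproperlyConfigured(Exception):
    """Raised when a required setting is missing or malformed."""

# What Django validates against when DEBUG=True and ALLOWED_HOSTS is empty.
DEBUG_FALLBACK_HOSTS = ["localhost", "127.0.0.1", "[::1]"]


def parse_allowed_hosts(raw, default=None, allow_wildcard=False):
    """Turn the raw DJANGO_ALLOWED_HOSTS value into a clean list of hosts.

    raw may be None (variable unset) or any string. Empty entries produced by
    stray commas or whitespace are dropped. If nothing usable remains, `default`
    is returned when given, otherwise ImproperlyConfigured is raised so the
    deployment fails loudly instead of silently trusting every Host header.
    """
    raw = "" if raw is None else raw
    hosts = [h.strip() for h in raw.split(",") if h.strip()]
    if not hosts:
        if default is not None:
            return list(default)
        raise ImproperlyConfigured(
            "DJANGO_ALLOWED_HOSTS is unset or empty; set it to a comma-separated "
            "list of hostnames this deployment should answer for."
        )
    if "*" in hosts and not allow_wildcard:
        raise ImproperlyConfigured(
            "DJANGO_ALLOWED_HOSTS contains '*', which disables Host header "
            "validation; list explicit hostnames or pass allow_wildcard=True."
        )
    return hosts


def allowed_hosts_from_env(environ=None, debug=False, allow_wildcard=False):
    """Read DJANGO_ALLOWED_HOSTS from `environ` (os.environ by default).

    In DEBUG mode an unset variable falls back to the same localhost set Django
    uses; in production it is an error.
    """
    env = os.environ if environ is None else environ
    default = DEBUG_FALLBACK_HOSTS if debug else None
    return parse_allowed_hosts(env.get("DJANGO_ALLOWED_HOSTS"), default, allow_wildcard)


def startup_error(environ=None, debug=False):
    """Return the configuration error message, or None if settings would load."""
    try:
        allowed_hosts_from_env(environ, debug)
    except ImproperlyConfigured as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample environments, not real deployment values.
    print(allowed_hosts_from_env({"DJANGO_ALLOWED_HOSTS": "api.example.test, www.example.test ,"}))
    print(allowed_hosts_from_env({}, debug=True))
    print(startup_error({}))
    print(startup_error({"DJANGO_ALLOWED_HOSTS": "*"}))
```

In `settings.py` this would be used as `ALLOWED_HOSTS = allowed_hosts_from_env(debug=DEBUG)`, so a missing variable surfaces as a readable `ImproperlyConfigured` at startup (which `manage.py check` and the dev server both report) rather than an `AttributeError` traceback, and a wildcard has to be a deliberate choice rather than the default.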
