Fix environment variable handling for production deployment

- Update settings.py to support both ALLOWED_HOSTS and DJANGO_ALLOWED_HOSTS
- Add production CSRF_TRUSTED_ORIGINS for vhtv-stiftung.de
- Update env-template.txt with production variable examples
- Improve compatibility between development and production environments

app/core/settings.py

@@ -8,14 +8,21 @@ load_dotenv()
 
 BASE_DIR = Path(__file__).resolve().parent.parent
 
-SECRET_KEY = os.getenv("DJANGO_SECRET_KEY", "dev-secret")
+SECRET_KEY = os.getenv("SECRET_KEY") or os.getenv("DJANGO_SECRET_KEY", "dev-secret")
 DEBUG = os.getenv("DJANGO_DEBUG", "0") == "1"
-ALLOWED_HOSTS = os.getenv("DJANGO_ALLOWED_HOSTS", "*").split(",")
 
-# CSRF settings for localhost development
+# Support both ALLOWED_HOSTS (production) and DJANGO_ALLOWED_HOSTS (development)
+allowed_hosts_env = os.getenv("ALLOWED_HOSTS") or os.getenv("DJANGO_ALLOWED_HOSTS", "*")
+ALLOWED_HOSTS = [host.strip() for host in allowed_hosts_env.split(",")]
+
+# CSRF settings for development and production
 CSRF_TRUSTED_ORIGINS = [
     "http://localhost:8081",
     "http://127.0.0.1:8081",
+    "http://vhtv-stiftung.de",
+    "https://vhtv-stiftung.de",
+    "http://www.vhtv-stiftung.de", 
+    "https://www.vhtv-stiftung.de",
 ]
 
 INSTALLED_APPS = [