Expectation: do not use http? At least not hard coded this way; if the original request was http by itself, it is understandable, but if not (e.g., because https was used), why suddenly do http?
Observed behavior: when the dashboard is provisioned, authentication might have been enabled (username+password authentication). If this is enabled, one is unable to add a Google Maps API key without first disabling authentication (which also completely removes the username+password). This is rather unfortunate in use cases where the username+password are being provisioned as part of the deployment of the dashboard itself.
Expected behavior: if no Google Maps API key has been entered, it should always be possible to add that. It should not matter if authentication is enabled or not.
This isn't an issue, nevertheless, I just wanted to mention that using this application when deployed behind a reverse proxy (like haproxy or nginx) requires the rewrite of the host header in the configuration of the reverse proxy, for connections towards the backend.