Can't un-set HTTP referrer requirements on an API key via the web admin UI

[GUI]

• In the admin add a new api key and save the record. Note in the database the value of settings.allowed_referers is null.
• Open that same api user back up for editing. Add some values in the "Restrict Access to HTTP Referers" field. Save the record. Note that the value of settings.allowed_referers in the database is now an array of strings.
• Open the same user again for editing. Remove all the values in the "Restrict Access to HTTP Referers" field. Save the record. Note that the value of settings.allowed_referers in the database is now [""] (an array containing an empty string).

So even though it looks like you've removed this setting from this specific key in the admin UI, there's actually this weird rogue empty string in the database. This value of an empty string messes with the referrer checks and essentially renders this specific key inoperable, since nothing matches this empty referrer value.

[GUI]

Should be fixed by updates I've pushed live.