Simple Machines Forum — SMF in short — is free and open-source community forum software, delivering professional grade features in a package that allows you to set up your own online community within minutes!
I've seen this on ?action=who now. I suspect its a xhr type request that SMF is trying to check cors on. Simple solution here is to skip checking this if the origin doesn't have a scheme.
Description
https://myforum/index.php?form=%3C/script%3E%3Cimg%20src%20onerror=alert(document.domain)%3E&control=upload?topic=1.0
/Sources/Security.php (Line 1422)
Type of error: Undefined Error message 2: Undefined array key "scheme"