Move option to consistently respond with 200 to user reporting endpoint

Johannes Marbach 2025-03-21 10:04:50 +01:00
parent ebc71218d2
commit 97bf30b7a3
2 changed files with 7 additions and 6 deletions

View file

@ -36,11 +36,6 @@ reported user is joined to. This is because users can be exposed to harmful
content without being joined to a room. For instance, through user
directories or invites.
Clients can infer whether a reported event, room or user exists based on the
404 responses of the reporting endpoints. Homeservers that wish to conceal
this information MAY return 200 responses regardless of the existence of the
reported subject.
Furthermore, it might be possible for clients to deduce whether a reported
event, room or user exists by timing the response. This is because only a
report for an existing subject will require the homeserver to do further
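Review bot: With the 404 paragraph gone, the next paragraph's "Furthermore, it might be possible for clients to deduce whether a reported event, room or user exists by timing the response" has nothing left to build on, and it still names events and rooms while the 200 option now appears only in the user reporting endpoint description. Suggest dropping "Furthermore" and either stating here that the 200 option applies to user reports only or keeping a one-line pointer to the endpoint description, so a reader of this section can tell whether event and room reports may also conceal existence.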

View file

@ -169,6 +169,10 @@ paths:
that the reported user is joined to.
Clients may wish to [ignore](#ignoring-users) users after reporting them.
Clients could infer whether a reported user exists based on the 404 response.
Homeservers that wish to conceal this information MAY return 200 responses
regardless of the existence of the reported user.
operationId: reportUser
parameters:
- in: path
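Review bot: The paragraph added to the reportUser description covers only the status code. A homeserver that returns 200 for a non-existent user can still reveal existence through response timing, which the module text describes for reports in general. Suggest adding a sentence or link here that points to that timing guidance, so an implementer reading only the endpoint description does not treat the 200 response as sufficient on its own.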
@ -198,7 +202,9 @@ paths:
- accessTokenBearer: []
responses:
"200":
description: The user has been reported successfully.
description: |
The user has been reported successfully or the server chose
to not disclose whether the users exists.
content:
application/json:
schema:
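Review bot: Typo in the new "200" description: "whether the users exists" should read "whether the user exists", and "chose to not disclose" reads better as "chose not to disclose". Since the 200 response is now deliberately ambiguous, it may also be worth stating in this description that a client cannot treat it as confirmation that the report was recorded.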