Move option to consistently respond with 200 to user reporting endpoint

content/client-server-api/modules/report_content.md

@@ -36,11 +36,6 @@ reported user is joined to. This is because users can be exposed to harmful
 content without being joined to a room. For instance, through user
 directories or invites.
 
-Clients can infer whether a reported event, room or user exists based on the
-404 responses of the reporting endpoints. Homeservers that wish to conceal
-this information MAY return 200 responses regardless of the existence of the
-reported subject.
-
 Furthermore, it might be possible for clients to deduce whether a reported
 event, room or user exists by timing the response. This is because only a
 report for an existing subject will require the homeserver to do further

data/api/client-server/report_content.yaml

@@ -169,6 +169,10 @@ paths:
         that the reported user is joined to.
 
         Clients may wish to [ignore](#ignoring-users) users after reporting them.
+
+        Clients could infer whether a reported user exists based on the 404 response.
+        Homeservers that wish to conceal this information MAY return 200 responses
+        regardless of the existence of the reported user.
       operationId: reportUser
       parameters:
         - in: path
@@ -198,7 +202,9 @@ paths:
         - accessTokenBearer: []
       responses:
         "200":
-          description: The user has been reported successfully.
+          description: |
+            The user has been reported successfully or the server chose
+            to not disclose whether the users exists.
           content:
             application/json:
               schema: