Synapse accepts /forget without a request body but this is not meant to be allowed by the specification

[reivilibre]

Like all PUT and POST requests other than the media ones (and /logout...), /forget is supposed to take a JSON body, e.g. {} if nothing special is required. Currently Synapse as at v1.92.3 does not require this.

16365 adds a warning against this.

We should see if any clients are hitting this and then a future version should cut this off completely.