I think I figured out. I was referring to the Gutenberg block editing canvas. If all registered blocks are at API version 3, the canvas uses an iframe. If not, it uses a div.
Iframe is the better solution if available because there aren’t conflicts with admin styles and the viewport width is correct.
But then wouldn’t I have to have my permission logic in two formats in two places: once as part of WP_Query for non-single pages so that pagination and everything works, and then again on single pages as a function of the post ID?
And philosophically I’m of the opinion that if I supply a limitation to WP_Query, it should be applied and applied consistently. A date_query limitation works on single posts, but not a tax_query? This behavior should at least be documented somewhere.
