Cookie options and improvements for cross-subdomain and cross-site cookies

Cross-subdomain tracking has been improved:

• main-domain detection on extra-long TLDs (e.g., .company) has been fixed
• main-domain detection on very short .com/.org domains has been fixed
• a new cookie_domain config option allows setting the domain explicitly, for cases where the main domain cannot be picked up accurately by the SDK's heuristics (e.g., subdomain.mainsite.avocat.fr); NB the value of cookie_domain must still match the current page origin, as browsers will refuse to set cookies on other domains

Backwards compatibility has been maintained for existing multi-part domains that were detected correctly in previous SDK versions (e.g., www.oxford.ac.uk).

The new cross_site_cookie config option can be set to true if your Mixpanel implementation is a special case that runs in a 3rd-party context, e.g., in an iframe embedded in someone else's page, or in a browser extension. This will enforce the cookie attributes SameSite=None; Secure (see https://web.dev/samesite-cookies-explained/). For standard implementations this is unnecessary, as the Mixpanel cookie is set on your own domain (i.e., it's a 1st-party cookie).

The new cookie options can be set at initialization time:

mixpanel.init('my token', {cookie_domain: 'foo.bar.baz.com', cross_site_cookie: true});

mixpanel.track() now also explicitly returns false (as a synchronous return value) if it was unable to initiate/enqueue the request successfully. Asynchronous request results are still available through the callback parameter.