Cookie options and improvements for cross-subdomain and cross-site cookies
Cross-subdomain tracking has been improved:
main-domain detection on extra-long TLDs (e.g., .company) has been fixed
main-domain detection on very short .com/.org domains has been fixed
a new cookie_domain config option allows setting the domain explicitly, for cases where the main domain cannot be picked up accurately by the SDK's heuristics (e.g., subdomain.mainsite.avocat.fr); NB the value of cookie_domain must still match the current page origin, as browsers will refuse to set cookies on other domains
Backwards compatibility has been maintained for existing multi-part domains that were detected correctly in previous SDK versions (e.g., www.oxford.ac.uk).
The new cross_site_cookie config option can be set to true if your Mixpanel implementation is a special case that runs in a 3rd-party context, e.g., in an iframe embedded in someone else's page, or in a browser extension. This will enforce the cookie attributes SameSite=None; Secure (see https://web.dev/samesite-cookies-explained/). For standard implementations this is unnecessary, as the Mixpanel cookie is set on your own domain (i.e., it's a 1st-party cookie).
The new cookie options can be set at initialization time:
mixpanel.track() now also explicitly returns false (as a synchronous return value) if it was unable to initiate/enqueue the request successfully. Asynchronous request results are still available through the callback parameter.
Fix cross-subdomain tracking for various edge cases (extra-long TLDs, very short .com/.org domains)
Add cookie_domain config option to allow specifying domain explicitly for cross-subdomain tracking
Add cross_site_cookie config option to add SameSite=None;Secure for special integrations (iframes/extensions)
Return falsey value from track() if navigator.sendBeacon transport fails to enqueue data
2.34.0 (27 Jan 2020)
Add config option to allow ignoring DNT browser setting
Fix for /decide checks failing when lib initialized with sendBeacon transport
2.33.1 (16 Jan 2020)
Fix for native arrow-function track() callbacks not firing
2.33.0 (13 Jan 2020)
Support optional navigator.sendBeacon transport for network requests
Add user agent detection for Chromium-based Edge and Samsung Internet
2.32.0 (16 Dec 2019)
Default to POST requests for event tracking and profile updates
Include $insert_id with events for deduplication support
Don't throw exception when decoding malformed URI params
Notifications test fixes
2.31.0 (19 Nov 2019)
Default API server to api-js.mixpanel.com
2.29.1 (22 Aug 2019)
Fix race condition with event-triggered in-apps
2.29.0 (6 Jun 2019)
mixpanel.identify() now sends special $identify event for advanced identity management
Fix extraneous logging for Group API calls
2.28.0 (9 Apr 2019)
Support event triggered inapps
2.27.0 (7 Mar 2019)
Support cross-subdomain tracking on TLDs longer than 6 chars (thanks @danielbaker)
Support configurable network protocol for inapp resources (thanks @mkdai)
Allow inapp links to open in new window/tab via config option (thanks @mkdai)
2.26.0 (9 Jan 2019)
Fix minification issue with DoNotTrack browser setting
Pass flag to backend indicating when $distinct_id might have been set to a pre-existing $distinct_id value instead of a generated UUID (used when resolving aliases)
2.25.0 (19 Dec 2018)
Change the behavior of opt_out_tracking_by_default to no longer override any existing opt status when the user has an opt-in cookie. It also no longer clears persistence when set to true.
Create a new param called opt_out_persistence_by_default which will determine whether SDK persistence is turned off during initialization
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
If all status checks pass Dependabot will automatically merge this pull request.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Bumps mixpanel-browser from 2.34.0 to 2.35.0.
Release notes
Sourced from mixpanel-browser's releases.
Changelog
Sourced from mixpanel-browser's changelog.
Commits
f94759c
2.35.0acb1085
rebuild 2.35.0f55ff3c
update docs with new cookie options and track return18770e3
url param to hide successful test results2714b83
don't run some tests in http/localhost-style envs45063bc
return false when .track() fails to initiate/enqueue requesta9be06d
build 2.35.0-rc13def5f6
derp endsWith() is ES6f4f7882
more detailed explanation of what's going on in extract_domain()9e69cd6
improve old boolean internal var nameDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.If all status checks pass Dependabot will automatically merge this pull request.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)