Fix wildcard cookie domain for multi-label public suffixes (2.4.1)

The previous slice(-2) heuristic in detectWildcardAndRoot truncated
domains with multi-label public suffixes (e.g. .org.uk, .co.uk, .com.au)
to the suffix itself, which browsers reject - leaving the cookie
host-only. Use the full domain captured after the wildcard so the
integrator's wildcard placement defines the cookie scope.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: luke-owen-crowdhandler

dist/crowdhandler.cjs.js

@@ -774,14 +774,15 @@ var Gatekeeper = /** @class */ (function () {
             (0, logger_1.logger)(this.options.debug, "info", "Domain has trailing wildcard, cannot use root domain cookie");
             return { isWildcard: false };
         }
-        // Extract root domain (last two parts for cookie domain)
-        var parts = domainPart.split('.');
-        var rootDomain = parts.length >= 2
-            ? ".".concat(parts.slice(-2).join('.'))
-            : ".".concat(domainPart);
+        // Use the full domain captured after the wildcard. The integrator's
+        // wildcard placement defines the cookie scope: e.g. *.barbican.org.uk
+        // → .barbican.org.uk, *.example.com → .example.com. Avoid heuristics
+        // like "last two labels", which mis-handle multi-label public suffixes
+        // (.co.uk, .org.uk, .com.au) and would scope the cookie to a public
+        // suffix the browser then rejects.
         return {
             isWildcard: true,
-            rootDomain: rootDomain
+            rootDomain: ".".concat(domainPart)
         };
     };
     /**