419 csrf mismatch on sub-domain

Hi guys, I'm learning Laravel right now and for creating an API with sanctum CSRF auth with React as the frontend. But I have a problem with matching the CSRF token, so my react was served under localhost:5173 and I have a subdomain admin.localhost:5173. For localhost:5173 it successfully sending the CSRF token and validated by Laravel but for the sub-domain admin.localhost:5173 it doesn't send the CSRF token on the request despite the token generated (I can see it on the Application Cookies) and causing the CSRF token mismatch. They are using the same Login component so the axios should be correctly configured.

. Inside the .env I specified this variable: SANCTUM_STATEFUL_DOMAINS=localhost:5173,admin.localhost:5173 SESSION_DOMAIN=.localhost

in the cors config 'paths' => ['api/', 'sanctum/csrf-cookie', "login", "register", "logout"], 'allowed_methods' => [''], 'allowed_origins' => [''], 'allowed_origins_patterns' => [], 'allowed_headers' => [''], 'exposed_headers' => [], 'max_age' => 0, 'supports_credentials' => true,

on the windows host file I also already specified this:

127.0.0.1 localhost

127.0.0.1 admin.localhost

I don't have a clue why my subdomain is not working :( is it because the localhost doesn't treat the subdomain as the same top domain?