Laravel Sanctum Cors

I am building an application with backend in Laravel and the frontend using Vue.js.

For authentication I'm using Laravel Sanctum, in local environment it is working properly, but I made the installation in a homologation environment and some errors related to CORS are happening.

The settings in my config/cors.php file are like this:

'paths' => ['api/*', 'sanctum/csrf-cookie', 'login', 'logout'],

'allowed_methods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],

'allowed_origins' => [ 'http://domain.com.br' ],

'allowed_origins_patterns' => [],

'allowed_headers' => ['*'],

'exposed_headers' => [],

'max_age' => 0,

'supports_credentials' => true,

The login and logout routes are defined in the file routes/web.php:

Route::post('/login', [AuthController::class, 'login'])->name('auth.login');
Route::post('/logout', [AuthController::class, 'logout'])->name('auth.logout');

The routes in routes/api.php are protected using:

Route::middleware('auth:sanctum')->group(function () {
    // Other routes
});

When I start the application, I make a request for the route /api/usuario:

Route::get('/usuario', [AuthController::class, 'user'])->name('auth.user');

Which returns me an error 401 (unauthenticated), which is correct, since I am not logged in yet.

When I make the request for the route /login, the response is 200:

axios.get('/sanctum/csrf-cookie').then(() => {
    axios.post('/login', credentials)
        .then(({ data }) => {
            // Does anything
        });
});

Which is also correct, but when logging into the application, when requesting any route /api/* the CORS error is thrown.

My environment variables are like this:

SESSION_DRIVER=cookie
SESSION_DOMAIN=.domain.com.br
SANCTUM_STATEFUL_DOMAINS=domain.com.br

The API URL is like this: http://api.domain.com.br

Does anyone have any idea what it could be?