Laravel Sanctum CORS issue

Honestly i'm loosing my mind with that, i already tried eveything on the Internet, i keep getting CORS error when trying to get CSRF-TOKEN on localhost

Laravel App: localhost:8000

Vue App: localhost:8080

I also changed sanctum prefix URLs with 'prefix' => 'api', on sanctum.php config so instead of /sanctum/csrf-cookie the url is /api/csrf-cookie

(i already confirmed via php artisan route:list and its working fine)

What i already tried

Add \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class, to cors.php as said on documentation:

My "cors.php' file

    protected $middleware = [
        // \App\Http\Middleware\TrustHosts::class,
        \Fruitcake\Cors\HandleCors::class,
        \App\Http\Middleware\TrustProxies::class,
        \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
        \App\Http\Cors::class,
        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
        \App\Http\Middleware\TrimStrings::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
    ];

    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'api' => [
            \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            'throttle:api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];

The \App\Http\Cors::class is a custom class i created to try to handle CORS:

    public function handle(Request $request, Closure $next)
    {
        return $next($request)->header('Access-Control-Allow-Origin', '*')
            ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE,
     OPTIONS')
            ->header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-
     Type, Accept, Authorization');
    }

Tried add some .env variables:

SESSION_DOMAIN=localhost
[and]
SESSION_DOMAIN=.localhost

SANCTUM_STATEFUL_DOMAINS=localhost
[and]
SANCTUM_STATEFUL_DOMAINS=.localhost
[and]
SANCTUM_STATEFUL_DOMAINS=localhost:8080
[and]
SANCTUM_STATEFUL_DOMAINS=http://localhost,http://localhost:8080,localhost:8080,localhost

My cors.php file

<?php

return [
    'paths' => [
        '*',
        'api/*',
        'login',
        'logout',
    ],

    'allowed_methods' => ['*'],

    'allowed_origins' => ['*'],

    'allowed_origins_patterns' => [],

    'allowed_headers' => ['*'],

    'exposed_headers' => [],

    'max_age' => 0,

    'supports_credentials' => true,

];

FRONTEND

In frontend i just created a axios instance:

export const authClient = axios.create({
  baseURL: process.env.VUE_APP_API_URL // localhost:8000,
  withCredentials: true
})

authClient.interceptors.response.use(
  response => response,
  error => {
    if (
      error.response
      && [401, 419].includes(error.response.status)
      && store.getters('auth/authUser')
      && !store.getters('auth/guest')
    ) {
      store.dispatch('auth/logout')
    }

    return Promise.reject(error)
  })

And try to get the token:

 async login (payload) {
    await authClient.get('/api/csrf-cookie')
    // return authClient.post('/login', payload)
  },

This is enough to get the error:

Access to XMLHttpRequest at 'localhost:8000/api/csrf-cookie' from origin 'http://localhost:8080' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, brave, chrome-untrusted, https.