nuwave / lighthouse

A framework for serving GraphQL from Laravel
https://lighthouse-php.com
MIT License

CSRF token mismatch. on new project with Laravel Sanctum #1700

Closed tobeycodes closed 3 years ago

tobeycodes commented 3 years ago

Describe the bug

On a new install of Laravel v8 with Lighthouse installed I am getting a "CSRF token mismatch." error on all graphql requests.

Steps to reproduce

.env
SESSION_DOMAIN=.domain.com
SANCTUM_STATEFUL_DOMAINS=domain.com
lighthouse.php
<?php

return [
    'route' => [
        'middleware' => [
            \Nuwave\Lighthouse\Support\Http\Middleware\AcceptJson::class,
            \Nuwave\Lighthouse\Support\Http\Middleware\AttemptAuthentication::class,
            \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
        ],
    ],
    'guard' => 'sanctum',
    ...

I have confirmed that the xsrf token is being sent with requests in the browser. API methods outside of graphql are working and I am able to authenticate with Laravel Fortify as well.

I have tried following the documentation exactly as shown here: https://lighthouse-php.com/5.1/security/authentication.html#attemptauthentication-middleware

Lighthouse Version

"laravel/framework": "^8.12",
"laravel/sanctum": "^2.8"
tobeycodes commented 3 years ago

I also noticed that the CSRF token is not being set as a cookie on the response like normal API routes are, but perhaps that is intentional.

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});
tobeycodes commented 3 years ago

I found the solution. It appears that I was incorrectly spelling the header name X-XSRF-TOKEN. Sorry.
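The failure the thread resolves is the client half of Sanctum's double-submit CSRF check: the server sets an XSRF-TOKEN cookie, and the SPA has to echo its value back in a header spelled exactly X-XSRF-TOKEN, or Laravel's VerifyCsrfToken middleware rejects the request. The helper below is an added illustration, not code from the issue, from Lighthouse or from Sanctum; the cookie string and the /graphql URL in the usage comment are constructed placeholders, and the header and cookie names are the ones Sanctum actually uses.

```javascript
// Added example (not from the issue, Lighthouse or Sanctum): the
// cookie-to-header handoff a SPA must perform so that Sanctum's stateful
// middleware accepts a GraphQL request. A misspelt header name leaves the
// token unsent and the server answers "CSRF token mismatch." (HTTP 419).

const XSRF_COOKIE = 'XSRF-TOKEN';   // cookie Sanctum sets
const XSRF_HEADER = 'X-XSRF-TOKEN'; // header Laravel reads it back from

// Parse a Cookie-style string ("a=1; b=2") into a name -> value map.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (name) jar[name] = value;
  }
  return jar;
}

// Laravel URL-encodes cookie values, so the token must be decoded before
// it is echoed back; returns null when the cookie is absent.
function readXsrfToken(cookieString) {
  const raw = parseCookies(cookieString)[XSRF_COOKIE];
  return raw === undefined ? null : decodeURIComponent(raw);
}

// Build fetch() options for a GraphQL POST. Fails loudly client-side when
// no token is available, so the cause is visible before the 419 arrives.
function buildGraphqlRequest(query, variables, cookieString) {
  const token = readXsrfToken(cookieString);
  if (!token) {
    throw new Error(`${XSRF_COOKIE} cookie missing; GET /sanctum/csrf-cookie first`);
  }
  return {
    method: 'POST',
    credentials: 'include', // send the session cookie to the API subdomain
    headers: {
      'Content-Type': 'application/json',
      'Accept': 'application/json', // satisfies Lighthouse's AcceptJson middleware
      [XSRF_HEADER]: token,
    },
    body: JSON.stringify({ query, variables }),
  };
}

// Browser usage (constructed placeholder URL, not executed here):
// const opts = buildGraphqlRequest('{ me { id } }', {}, document.cookie);
// fetch('https://api.domain.com/graphql', opts);
```

The check in buildGraphqlRequest is the part worth keeping in a real client: a missing XSRF-TOKEN cookie usually means the SPA never called GET /sanctum/csrf-cookie or the SESSION_DOMAIN does not cover the front-end host, and surfacing that in the browser is faster than reading 419 responses in the network tab.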