#XSRF-Cookie being http-only, can't use it for request header via javascript

Hello, i have this problem in which XSRF-COOKIE works perfectly at localhost. But when i deploy my app, my SPA can't get the cookie because it is http-only. I also tried setting the config/session http_only to false but it still didn't work. Am i missing something here? please help this problem made me unable to sleep well. FYI i use laravel sanctum session auth and Nuxt Js as the frontend, and they both share the same top level domain

Why do you need to get the cookie using Javascript?