#laravel sanctum and graphql CSRF mismatch


grave marlin

After I started doing authentication, using both, I started receiving such an error. As the documents say, I need to add the middleware,

```php
        'middleware' => [
            \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
        ],
```

as well as the guards,

```php
    'guards' => ['sanctum'],
```

My CORS:

```php
    'paths' => [
        'api/*',
        'graphql',
        'login',
        'logout',
        'sanctum/csrf-cookie'
    ],
```

Under bootstrap/app.php:

```php
    ->withMiddleware(function (Middleware $middleware) {
        $middleware->statefulApi();
    })
```

And under my API route,

```php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

Route::get('/user', function (Request $request) {
    return $request->user();
})->middleware('auth:sanctum');
```

Under my GraphQL schema:

```graphql
    me: User @auth
```

If I remove everything about auth, the rest of the functionalities work just fine.

Oh yeah! And I did include my authorization token in the HTTP header,

```json
{
  "Authorization": "Bearer <token>"
}
```

oblique wind

If you have a CSRF mismatch, you'd need to add the CSRF token. CSRF and authentication are two different things

grave marlin
oblique wind

If those routes don't need CSRF protection you could disable it on those routes

grave marlin