App\Http\Middleware\VerifyCsrfToken.php:

use Symfony\Component\HttpFoundation\Cookie;

/**
 * Add Cookie To Response.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Symfony\Component\HttpFoundation\Response $response
 *
 * @return \Symfony\Component\HttpFoundation\Response
 */
protected function addCookieToResponse($request, $response)
{
    $config = config('session');

    $response->headers->setCookie(
        new Cookie(
            'XSRF-TOKEN',
            $request->session()->token(),
            $this->availableAt(60 * $config['lifetime']),
            $config['path'],
            $config['domain'],
            $config['secure'],
            $config['http_only'],
            false,
            $config['same_site'] ?? null
        )
    );

    return $response;
}