Add tornado-cors to shim in better CORS compliance (namely responding to the empty OPTIONS request) and allow user auth data to be POSTed as JSON
data in the body. Also add a try-catch in BaseHandler for when failure_reason isn't defined.
Also remove Access-Control-Allow-Origin header since the CorsMixin handles that now.
Add tornado-cors to shim in better CORS compliance (namely responding to the empty OPTIONS request) and allow user auth data to be POSTed as JSON data in the body. Also add a try-catch in BaseHandler for when failure_reason isn't defined.
Also remove Access-Control-Allow-Origin header since the CorsMixin handles that now.