53 files changed, 330 insertions, 757 deletions
diff --git a/http/app.h b/http/app.h
index ca871dcead..dfd5304543 100644
--- a/http/app.h
+++ b/http/app.h
@@ -3,7 +3,6 @@
 #include "http_request.h"
 #include "http_server.h"
 #include "logging.h"
-#include "middleware_context.h"
 #include "routing.h"
 #include "utility.h"
 
@@ -25,25 +24,24 @@ namespace crow
 #ifdef BMCWEB_ENABLE_SSL
 using ssl_context_t = boost::asio::ssl::context;
 #endif
-template <typename... Middlewares>
-class Crow
+class App
 {
   public:
-    using self_t = Crow;
+    using self_t = App;
 
 #ifdef BMCWEB_ENABLE_SSL
     using ssl_socket_t = boost::beast::ssl_stream<boost::asio::ip::tcp::socket>;
-    using ssl_server_t = Server<Crow, ssl_socket_t, Middlewares...>;
+    using ssl_server_t = Server<App, ssl_socket_t>;
 #else
     using socket_t = boost::asio::ip::tcp::socket;
-    using server_t = Server<Crow, socket_t, Middlewares...>;
+    using server_t = Server<App, socket_t>;
 #endif
 
-    explicit Crow(std::shared_ptr<boost::asio::io_context> ioIn =
-                      std::make_shared<boost::asio::io_context>()) :
+    explicit App(std::shared_ptr<boost::asio::io_context> ioIn =
+                     std::make_shared<boost::asio::io_context>()) :
         io(std::move(ioIn))
     {}
-    ~Crow()
+    ~App()
     {
         this->stop();
     }
@@ -100,12 +98,12 @@ class Crow
         if (-1 == socketFd)
         {
             sslServer = std::move(std::make_unique<ssl_server_t>(
-                this, bindaddrStr, portUint, sslContext, &middlewares, io));
+                this, bindaddrStr, portUint, sslContext, io));
         }
         else
         {
-            sslServer = std::move(std::make_unique<ssl_server_t>(
-                this, socketFd, sslContext, &middlewares, io));
+            sslServer = std::move(
+                std::make_unique<ssl_server_t>(this, socketFd, sslContext, io));
         }
         sslServer->setTickFunction(tickInterval, tickFunction);
         sslServer->run();
@@ -115,12 +113,12 @@ class Crow
         if (-1 == socketFd)
         {
             server = std::move(std::make_unique<server_t>(
-                this, bindaddrStr, portUint, nullptr, &middlewares, io));
+                this, bindaddrStr, portUint, nullptr, io));
         }
         else
         {
-            server = std::move(std::make_unique<server_t>(
-                this, socketFd, nullptr, &middlewares, io));
+            server = std::move(
+                std::make_unique<server_t>(this, socketFd, nullptr, io));
         }
         server->setTickFunction(tickInterval, tickFunction);
         server->run();
@@ -216,23 +214,6 @@ class Crow
     }
 #endif
 
-    // middleware
-    using context_t = detail::Context<Middlewares...>;
-    template <typename T>
-    typename T::Context& getContext(const Request& req)
-    {
-        static_assert(black_magic::Contains<T, Middlewares...>::value,
-                      "App doesn't have the specified middleware type.");
-        auto& ctx = *reinterpret_cast<context_t*>(req.middlewareContext);
-        return ctx.template get<T>();
-    }
-
-    template <typename T>
-    T& getMiddleware()
-    {
-        return utility::getElementByType<T, Middlewares...>(middlewares);
-    }
-
     template <typename Duration, typename Func>
     self_t& tick(Duration d, Func f)
     {
@@ -255,15 +236,11 @@ class Crow
     std::chrono::milliseconds tickInterval{};
     std::function<void()> tickFunction;
 
-    std::tuple<Middlewares...> middlewares;
-
 #ifdef BMCWEB_ENABLE_SSL
     std::unique_ptr<ssl_server_t> sslServer;
 #else
     std::unique_ptr<server_t> server;
 #endif
 };
-template <typename... Middlewares>
-using App = Crow<Middlewares...>;
-using SimpleApp = Crow<>;
 } // namespace crow
+using App = crow::App;
diff --git a/http/http_connection.h b/http/http_connection.h
index 8dba3d6b59..609d4a10b1 100644
--- a/http/http_connection.h
+++ b/http/http_connection.h
@@ -3,7 +3,6 @@
 
 #include "http_response.h"
 #include "logging.h"
-#include "middleware_context.h"
 #include "timer_queue.h"
 #include "utility.h"
 
@@ -19,6 +18,7 @@
 #include <boost/beast/http.hpp>
 #include <boost/beast/ssl/ssl_stream.hpp>
 #include <boost/beast/websocket.hpp>
+#include <security_headers.hpp>
 #include <ssl_key_handler.hpp>
 
 #include <atomic>
@@ -61,186 +61,6 @@ inline void prettyPrintJson(crow::Response& res)
 using namespace boost;
 using tcp = asio::ip::tcp;
 
-namespace detail
-{
-template <typename MW>
-struct CheckBeforeHandleArity3Const
-{
-    template <typename T,
-              void (T::*)(Request&, Response&, typename MW::Context&) const =
-                  &T::beforeHandle>
-    struct Get
-    {};
-};
-
-template <typename MW>
-struct CheckBeforeHandleArity3
-{
-    template <typename T, void (T::*)(Request&, Response&,
-                                      typename MW::Context&) = &T::beforeHandle>
-    struct Get
-    {};
-};
-
-template <typename MW>
-struct CheckAfterHandleArity3Const
-{
-    template <typename T,
-              void (T::*)(Request&, Response&, typename MW::Context&) const =
-                  &T::afterHandle>
-    struct Get
-    {};
-};
-
-template <typename MW>
-struct CheckAfterHandleArity3
-{
-    template <typename T, void (T::*)(Request&, Response&,
-                                      typename MW::Context&) = &T::afterHandle>
-    struct Get
-    {};
-};
-
-template <typename T>
-struct IsBeforeHandleArity3Impl
-{
-    template <typename C>
-    static std::true_type
-        f(typename CheckBeforeHandleArity3Const<T>::template Get<C>*);
-
-    template <typename C>
-    static std::true_type
-        f(typename CheckBeforeHandleArity3<T>::template Get<C>*);
-
-    template <typename C>
-    static std::false_type f(...);
-
-  public:
-    static constexpr bool value = decltype(f<T>(nullptr))::value;
-};
-
-template <typename T>
-struct IsAfterHandleArity3Impl
-{
-    template <typename C>
-    static std::true_type
-        f(typename CheckAfterHandleArity3Const<T>::template Get<C>*);
-
-    template <typename C>
-    static std::true_type
-        f(typename CheckAfterHandleArity3<T>::template Get<C>*);
-
-    template <typename C>
-    static std::false_type f(...);
-
-  public:
-    static constexpr bool value = decltype(f<T>(nullptr))::value;
-};
-
-template <typename MW, typename Context, typename ParentContext>
-typename std::enable_if<!IsBeforeHandleArity3Impl<MW>::value>::type
-    beforeHandlerCall(MW& mw, Request& req, Response& res, Context& ctx,
-                      ParentContext& /*parent_ctx*/)
-{
-    mw.beforeHandle(req, res, ctx.template get<MW>(), ctx);
-}
-
-template <typename MW, typename Context, typename ParentContext>
-typename std::enable_if<IsBeforeHandleArity3Impl<MW>::value>::type
-    beforeHandlerCall(MW& mw, Request& req, Response& res, Context& ctx,
-                      ParentContext& /*parent_ctx*/)
-{
-    mw.beforeHandle(req, res, ctx.template get<MW>());
-}
-
-template <typename MW, typename Context, typename ParentContext>
-typename std::enable_if<!IsAfterHandleArity3Impl<MW>::value>::type
-    afterHandlerCall(MW& mw, Request& req, Response& res, Context& ctx,
-                     ParentContext& /*parent_ctx*/)
-{
-    mw.afterHandle(req, res, ctx.template get<MW>(), ctx);
-}
-
-template <typename MW, typename Context, typename ParentContext>
-typename std::enable_if<IsAfterHandleArity3Impl<MW>::value>::type
-    afterHandlerCall(MW& mw, Request& req, Response& res, Context& ctx,
-                     ParentContext& /*parent_ctx*/)
-{
-    mw.afterHandle(req, res, ctx.template get<MW>());
-}
-
-template <size_t N, typename Context, typename Container, typename CurrentMW,
-          typename... Middlewares>
-bool middlewareCallHelper(Container& middlewares, Request& req, Response& res,
-                          Context& ctx)
-{
-    using parent_context_t = typename Context::template partial<N - 1>;
-    beforeHandlerCall<CurrentMW, Context, parent_context_t>(
-        std::get<N>(middlewares), req, res, ctx,
-        static_cast<parent_context_t&>(ctx));
-
-    if (res.isCompleted())
-    {
-        afterHandlerCall<CurrentMW, Context, parent_context_t>(
-            std::get<N>(middlewares), req, res, ctx,
-            static_cast<parent_context_t&>(ctx));
-        return true;
-    }
-
-    if (middlewareCallHelper<N + 1, Context, Container, Middlewares...>(
-            middlewares, req, res, ctx))
-    {
-        afterHandlerCall<CurrentMW, Context, parent_context_t>(
-            std::get<N>(middlewares), req, res, ctx,
-            static_cast<parent_context_t&>(ctx));
-        return true;
-    }
-
-    return false;
-}
-
-template <size_t N, typename Context, typename Container>
-bool middlewareCallHelper(Container& /*middlewares*/, Request& /*req*/,
-                          Response& /*res*/, Context& /*ctx*/)
-{
-    return false;
-}
-
-template <size_t N, typename Context, typename Container>
-typename std::enable_if<(N < 0)>::type
-    afterHandlersCallHelper(Container& /*middlewares*/, Context& /*Context*/,
-                            Request& /*req*/, Response& /*res*/)
-{}
-
-template <size_t N, typename Context, typename Container>
-typename std::enable_if<(N == 0)>::type
-    afterHandlersCallHelper(Container& middlewares, Context& ctx, Request& req,
-                            Response& res)
-{
-    using parent_context_t = typename Context::template partial<N - 1>;
-    using CurrentMW = typename std::tuple_element<
-        N, typename std::remove_reference<Container>::type>::type;
-    afterHandlerCall<CurrentMW, Context, parent_context_t>(
-        std::get<N>(middlewares), req, res, ctx,
-        static_cast<parent_context_t&>(ctx));
-}
-
-template <size_t N, typename Context, typename Container>
-typename std::enable_if<(N > 0)>::type
-    afterHandlersCallHelper(Container& middlewares, Context& ctx, Request& req,
-                            Response& res)
-{
-    using parent_context_t = typename Context::template partial<N - 1>;
-    using CurrentMW = typename std::tuple_element<
-        N, typename std::remove_reference<Container>::type>::type;
-    afterHandlerCall<CurrentMW, Context, parent_context_t>(
-        std::get<N>(middlewares), req, res, ctx,
-        static_cast<parent_context_t&>(ctx));
-    afterHandlersCallHelper<N - 1, Context, Container>(middlewares, ctx, req,
-                                                       res);
-}
-} // namespace detail
-
 #ifdef BMCWEB_ENABLE_DEBUG
 static std::atomic<int> connectionCount;
 #endif
@@ -261,21 +81,18 @@ static constexpr const size_t loggedInAttempts =
 static constexpr const size_t loggedOutAttempts =
     (15 / timerQueueTimeoutSeconds);
 
-template <typename Adaptor, typename Handler, typename... Middlewares>
+template <typename Adaptor, typename Handler>
 class Connection :
-    public std::enable_shared_from_this<
-        Connection<Adaptor, Handler, Middlewares...>>
+    public std::enable_shared_from_this<Connection<Adaptor, Handler>>
 {
   public:
     Connection(boost::asio::io_context& ioService, Handler* handlerIn,
                const std::string& ServerNameIn,
-               std::tuple<Middlewares...>* middlewaresIn,
                std::function<std::string()>& get_cached_date_str_f,
                detail::TimerQueue& timerQueueIn, Adaptor adaptorIn) :
         adaptor(std::move(adaptorIn)),
         handler(handlerIn), serverName(ServerNameIn),
-        middlewares(middlewaresIn), getCachedDateStr(get_cached_date_str_f),
-        timerQueue(timerQueueIn)
+        getCachedDateStr(get_cached_date_str_f), timerQueue(timerQueueIn)
     {
         parser.emplace(std::piecewise_construct, std::make_tuple());
         parser->body_limit(httpReqBodyLimit);
@@ -285,7 +102,7 @@ class Connection :
 #ifdef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION
         auto ca_available = !std::filesystem::is_empty(
             std::filesystem::path(ensuressl::trustStorePath));
-        if (ca_available && crow::persistent_data::SessionStore::getInstance()
+        if (ca_available && persistent_data::SessionStore::getInstance()
                                 .getAuthMethodsConfig()
                                 .tls)
         {
@@ -301,7 +118,7 @@ class Connection :
                                         bool preverified,
                                         boost::asio::ssl::verify_context& ctx) {
             // do nothing if TLS is disabled
-            if (!crow::persistent_data::SessionStore::getInstance()
+            if (!persistent_data::SessionStore::getInstance()
                      .getAuthMethodsConfig()
                      .tls)
             {
@@ -444,10 +261,10 @@ class Connection :
             }
             sslUser.resize(lastChar);
 
-            session = persistent_data::SessionStore::getInstance()
-                          .generateUserSession(
-                              sslUser,
-                              crow::persistent_data::PersistenceType::TIMEOUT);
+            session =
+                persistent_data::SessionStore::getInstance()
+                    .generateUserSession(
+                        sslUser, persistent_data::PersistenceType::TIMEOUT);
             if (auto sp = session.lock())
             {
                 BMCWEB_LOG_DEBUG << this
@@ -538,15 +355,9 @@ class Connection :
             res.completeRequestHandler = [] {};
             res.isAliveHelper = [this]() -> bool { return isAlive(); };
 
-            ctx = detail::Context<Middlewares...>();
-            req->middlewareContext = static_cast<void*>(&ctx);
             req->ioService = static_cast<decltype(req->ioService)>(
                 &adaptor.get_executor().context());
 
-            detail::middlewareCallHelper<
-                0U, decltype(ctx), decltype(*middlewares), Middlewares...>(
-                *middlewares, *req, res, ctx);
-
             if (!res.completed)
             {
                 needToCallAfterHandlers = true;
@@ -618,16 +429,10 @@ class Connection :
         BMCWEB_LOG_INFO << "Response: " << this << ' ' << req->url << ' '
                         << res.resultInt() << " keepalive=" << req->keepAlive();
 
+        addSecurityHeaders(res);
+
         if (needToCallAfterHandlers)
         {
-            needToCallAfterHandlers = false;
-
-            // call all afterHandler of middlewares
-            detail::afterHandlersCallHelper<sizeof...(Middlewares) - 1,
-                                            decltype(ctx),
-                                            decltype(*middlewares)>(
-                *middlewares, ctx, *req, res);
-
             crow::authorization::cleanupTempSession(*req);
         }
 
@@ -949,7 +754,8 @@ class Connection :
 
     std::optional<crow::Request> req;
     crow::Response res;
-    std::weak_ptr<crow::persistent_data::UserSession> session;
+
+    std::weak_ptr<persistent_data::UserSession> session;
 
     const std::string& serverName;
 
@@ -958,13 +764,10 @@ class Connection :
     bool needToCallAfterHandlers{};
     bool needToStartReadAfterComplete{};
 
-    std::tuple<Middlewares...>* middlewares;
-    detail::Context<Middlewares...> ctx;
-
     std::function<std::string()>& getCachedDateStr;
     detail::TimerQueue& timerQueue;
 
     using std::enable_shared_from_this<
-        Connection<Adaptor, Handler, Middlewares...>>::shared_from_this;
+        Connection<Adaptor, Handler>>::shared_from_this;
 };
 } // namespace crow
diff --git a/http/http_request.h b/http/http_request.h
index 95f88c735d..fa60f60ba2 100644
--- a/http/http_request.h
+++ b/http/http_request.h
@@ -30,10 +30,9 @@ struct Request
 
     const std::string& body;
 
-    void* middlewareContext{};
     boost::asio::io_context* ioService{};
 
-    std::shared_ptr<crow::persistent_data::UserSession> session;
+    std::shared_ptr<persistent_data::UserSession> session;
 
     std::string userRole{};
     std::function<Adaptor&()> socket;
diff --git a/http/http_response.h b/http/http_response.h
index d5d1e4b03f..7be6b0914c 100644
--- a/http/http_response.h
+++ b/http/http_response.h
@@ -11,12 +11,12 @@
 namespace crow
 {
 
-template <typename Adaptor, typename Handler, typename... Middlewares>
+template <typename Adaptor, typename Handler>
 class Connection;
 
 struct Response
 {
-    template <typename Adaptor, typename Handler, typename... Middlewares>
+    template <typename Adaptor, typename Handler>
     friend class crow::Connection;
     using response_type =
         boost::beast::http::response<boost::beast::http::string_body>;
diff --git a/http/http_server.h b/http/http_server.h
index 0e8a702ec2..c87ddd428c 100644
--- a/http/http_server.h
+++ b/http/http_server.h
@@ -27,44 +27,39 @@ namespace crow
 using namespace boost;
 using tcp = asio::ip::tcp;
 
-template <typename Handler, typename Adaptor = boost::asio::ip::tcp::socket,
-          typename... Middlewares>
+template <typename Handler, typename Adaptor = boost::asio::ip::tcp::socket>
 class Server
 {
   public:
     Server(Handler* handler, std::unique_ptr<tcp::acceptor>&& acceptor,
            std::shared_ptr<boost::asio::ssl::context> adaptor_ctx,
-           std::tuple<Middlewares...>* middlewares = nullptr,
            std::shared_ptr<boost::asio::io_context> io =
                std::make_shared<boost::asio::io_context>()) :
         ioService(std::move(io)),
         acceptor(std::move(acceptor)),
         signals(*ioService, SIGINT, SIGTERM, SIGHUP), tickTimer(*ioService),
-        timer(*ioService), handler(handler), middlewares(middlewares),
-        adaptorCtx(adaptor_ctx)
+        timer(*ioService), handler(handler), adaptorCtx(adaptor_ctx)
     {}
 
     Server(Handler* handler, const std::string& bindaddr, uint16_t port,
            std::shared_ptr<boost::asio::ssl::context> adaptor_ctx,
-           std::tuple<Middlewares...>* middlewares = nullptr,
            std::shared_ptr<boost::asio::io_context> io =
                std::make_shared<boost::asio::io_context>()) :
         Server(handler,
                std::make_unique<tcp::acceptor>(
                    *io, tcp::endpoint(boost::asio::ip::make_address(bindaddr),
                                       port)),
-               adaptor_ctx, middlewares, io)
+               adaptor_ctx, io)
     {}
 
     Server(Handler* handler, int existing_socket,
            std::shared_ptr<boost::asio::ssl::context> adaptor_ctx,
-           std::tuple<Middlewares...>* middlewares = nullptr,
            std::shared_ptr<boost::asio::io_context> io =
                std::make_shared<boost::asio::io_context>()) :
         Server(handler,
                std::make_unique<tcp::acceptor>(*io, boost::asio::ip::tcp::v6(),
                                                existing_socket),
-               adaptor_ctx, middlewares, io)
+               adaptor_ctx, io)
     {}
 
     void setTickFunction(std::chrono::milliseconds d, std::function<void()> f)
@@ -223,11 +218,9 @@ class Server
                                        boost::asio::ip::tcp::socket>>::value)
         {
             adaptorTemp = Adaptor(*ioService, *adaptorCtx);
-            auto p =
-                std::make_shared<Connection<Adaptor, Handler, Middlewares...>>(
-                    *ioService, handler, serverName, middlewares,
-                    getCachedDateStr, timerQueue,
-                    std::move(adaptorTemp.value()));
+            auto p = std::make_shared<Connection<Adaptor, Handler>>(
+                *ioService, handler, serverName, getCachedDateStr, timerQueue,
+                std::move(adaptorTemp.value()));
 
             acceptor->async_accept(p->socket().next_layer(),
                                    [this, p](boost::system::error_code ec) {
@@ -243,11 +236,9 @@ class Server
         else
         {
             adaptorTemp = Adaptor(*ioService);
-            auto p =
-                std::make_shared<Connection<Adaptor, Handler, Middlewares...>>(
-                    *ioService, handler, serverName, middlewares,
-                    getCachedDateStr, timerQueue,
-                    std::move(adaptorTemp.value()));
+            auto p = std::make_shared<Connection<Adaptor, Handler>>(
+                *ioService, handler, serverName, getCachedDateStr, timerQueue,
+                std::move(adaptorTemp.value()));
 
             acceptor->async_accept(
                 p->socket(), [this, p](boost::system::error_code ec) {
@@ -279,8 +270,6 @@ class Server
     std::function<void()> tickFunction;
     std::function<void(const boost::system::error_code& ec)> timerHandler;
 
-    std::tuple<Middlewares...>* middlewares;
-
 #ifdef BMCWEB_ENABLE_SSL
     bool useSsl{false};
 #endif
diff --git a/http/middleware_context.h b/http/middleware_context.h
deleted file mode 100644
index fa399d62d3..0000000000
--- a/http/middleware_context.h
+++ /dev/null
@@ -1,72 +0,0 @@
-#pragma once
-
-#include "http_request.h"
-#include "http_response.h"
-#include "utility.h"
-
-namespace crow
-{
-namespace detail
-{
-template <typename... Middlewares>
-struct PartialContext :
-    public black_magic::PopBack<Middlewares...>::template rebind<
-        PartialContext>,
-    public black_magic::LastElementType<Middlewares...>::type::Context
-{
-    using parent_context = typename black_magic::PopBack<
-        Middlewares...>::template rebind<::crow::detail::PartialContext>;
-    template <size_t N>
-    using partial = typename std::conditional<
-        N == sizeof...(Middlewares) - 1, PartialContext,
-        typename parent_context::template partial<N>>::type;
-
-    template <typename T>
-    typename T::Context& get()
-    {
-        return static_cast<typename T::Context&>(*this);
-    }
-};
-
-template <>
-struct PartialContext<>
-{
-    template <size_t>
-    using partial = PartialContext;
-};
-
-template <size_t N, typename Context, typename Container, typename CurrentMW,
-          typename... Middlewares>
-bool middlewareCallHelper(Container& middlewares, Request& req, Response& res,
-                          Context& ctx);
-
-template <typename... Middlewares>
-struct Context : private PartialContext<Middlewares...>
-// struct Context : private Middlewares::context... // simple but less type-safe
-{
-    template <size_t N, typename Context, typename Container>
-    friend typename std::enable_if<(N == 0)>::type
-        afterHandlersCallHelper(Container& middlewares, Context& ctx,
-                                Request& req, Response& res);
-    template <size_t N, typename Context, typename Container>
-    friend typename std::enable_if<(N > 0)>::type
-        afterHandlersCallHelper(Container& middlewares, Context& ctx,
-                                Request& req, Response& res);
-
-    template <size_t N, typename Context, typename Container,
-              typename CurrentMW, typename... Middlewares2>
-    friend bool middlewareCallHelper(Container& middlewares, Request& req,
-                                     Response& res, Context& ctx);
-
-    template <typename T>
-    typename T::Context& get()
-    {
-        return static_cast<typename T::Context&>(*this);
-    }
-
-    template <size_t N>
-    using partial =
-        typename PartialContext<Middlewares...>::template partial<N>;
-};
-} // namespace detail
-} // namespace crow
diff --git a/http/websocket.h b/http/websocket.h
index 91b537b7d1..7670196521 100644
--- a/http/websocket.h
+++ b/http/websocket.h
@@ -276,7 +276,7 @@ class ConnectionImpl : public Connection
     std::function<void(Connection&, const std::string&, bool)> messageHandler;
     std::function<void(Connection&, const std::string&)> closeHandler;
     std::function<void(Connection&)> errorHandler;
-    std::shared_ptr<crow::persistent_data::UserSession> session;
+    std::shared_ptr<persistent_data::UserSession> session;
 };
 } // namespace websocket
 } // namespace crow
diff --git a/include/authorization.hpp b/include/authorization.hpp
index c00090b4dd..1fd1b1232e 100644
--- a/include/authorization.hpp
+++ b/include/authorization.hpp
@@ -11,7 +11,6 @@
 #include <boost/container/flat_set.hpp>
 #include <http_utility.hpp>
 #include <pam_authenticate.hpp>
-#include <persistent_data_middleware.hpp>
 
 #include <random>
 
@@ -29,13 +28,13 @@ static void cleanupTempSession(Request& req)
     // user session?
     if (req.session != nullptr &&
         req.session->persistence ==
-            crow::persistent_data::PersistenceType::SINGLE_REQUEST)
+            persistent_data::PersistenceType::SINGLE_REQUEST)
     {
         persistent_data::SessionStore::getInstance().removeSession(req.session);
     }
 }
 
-static const std::shared_ptr<crow::persistent_data::UserSession>
+static const std::shared_ptr<persistent_data::UserSession>
     performBasicAuth(std::string_view auth_header)
 {
     BMCWEB_LOG_DEBUG << "[AuthMiddleware] Basic authentication";
@@ -76,11 +75,11 @@ static const std::shared_ptr<crow::persistent_data::UserSession>
     // This whole flow needs to be revisited anyway, as we can't be
     // calling directly into pam for every request
     return persistent_data::SessionStore::getInstance().generateUserSession(
-        user, crow::persistent_data::PersistenceType::SINGLE_REQUEST,
+        user, persistent_data::PersistenceType::SINGLE_REQUEST,
         isConfigureSelfOnly);
 }
 
-static const std::shared_ptr<crow::persistent_data::UserSession>
+static const std::shared_ptr<persistent_data::UserSession>
     performTokenAuth(std::string_view auth_header)
 {
     BMCWEB_LOG_DEBUG << "[AuthMiddleware] Token authentication";
@@ -91,7 +90,7 @@ static const std::shared_ptr<crow::persistent_data::UserSession>
     return session;
 }
 
-static const std::shared_ptr<crow::persistent_data::UserSession>
+static const std::shared_ptr<persistent_data::UserSession>
     performXtokenAuth(const crow::Request& req)
 {
     BMCWEB_LOG_DEBUG << "[AuthMiddleware] X-Auth-Token authentication";
@@ -106,7 +105,7 @@ static const std::shared_ptr<crow::persistent_data::UserSession>
     return session;
 }
 
-static const std::shared_ptr<crow::persistent_data::UserSession>
+static const std::shared_ptr<persistent_data::UserSession>
     performCookieAuth(const crow::Request& req)
 {
     BMCWEB_LOG_DEBUG << "[AuthMiddleware] Cookie authentication";
@@ -131,7 +130,7 @@ static const std::shared_ptr<crow::persistent_data::UserSession>
     std::string_view authKey =
         cookieValue.substr(startIndex, endIndex - startIndex);
 
-    const std::shared_ptr<crow::persistent_data::UserSession> session =
+    const std::shared_ptr<persistent_data::UserSession> session =
         persistent_data::SessionStore::getInstance().loginSessionByToken(
             authKey);
     if (session == nullptr)
@@ -149,7 +148,7 @@ static const std::shared_ptr<crow::persistent_data::UserSession>
             return nullptr;
         }
 
-        if (csrf.size() != crow::persistent_data::sessionTokenSize)
+        if (csrf.size() != persistent_data::sessionTokenSize)
         {
             return nullptr;
         }
@@ -163,9 +162,9 @@ static const std::shared_ptr<crow::persistent_data::UserSession>
     return session;
 }
 
-static const std::shared_ptr<crow::persistent_data::UserSession>
+static const std::shared_ptr<persistent_data::UserSession>
     performTLSAuth(const crow::Request& req, Response& res,
-                   std::weak_ptr<crow::persistent_data::UserSession> session)
+                   std::weak_ptr<persistent_data::UserSession> session)
 {
 #ifdef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION
     if (auto sp = session.lock())
@@ -235,18 +234,16 @@ static bool isOnWhitelist(const crow::Request& req)
     return false;
 }
 
-static void
-    authenticate(crow::Request& req, Response& res,
-                 std::weak_ptr<crow::persistent_data::UserSession> session)
+static void authenticate(crow::Request& req, Response& res,
+                         std::weak_ptr<persistent_data::UserSession> session)
 {
     if (isOnWhitelist(req))
     {
         return;
     }
 
-    const crow::persistent_data::AuthConfigMethods& authMethodsConfig =
-        crow::persistent_data::SessionStore::getInstance()
-            .getAuthMethodsConfig();
+    const persistent_data::AuthConfigMethods& authMethodsConfig =
+        persistent_data::SessionStore::getInstance().getAuthMethodsConfig();
 
     if (req.session == nullptr && authMethodsConfig.tls)
     {
diff --git a/include/cors_preflight.hpp b/include/cors_preflight.hpp
new file mode 100644
index 0000000000..6fa9c0a283
--- /dev/null
+++ b/include/cors_preflight.hpp
@@ -0,0 +1,19 @@
+#pragma once
+
+#include <app.h>
+#include <http_request.h>
+#include <http_response.h>
+
+namespace cors_preflight
+{
+void requestRoutes(App& app)
+{
+    BMCWEB_ROUTE(app, "<str>")
+        .methods(boost::beast::http::verb::options)(
+            [](const crow::Request& req, crow::Response& res) {
+                // An empty body handler that simply returns the headers bmcweb
+                // uses This allows browsers to do their CORS preflight checks
+                res.end();
+            });
+}
+} // namespace cors_preflight
diff --git a/include/dbus_monitor.hpp b/include/dbus_monitor.hpp
index 9e22b9c66b..3630ecf0ef 100644
--- a/include/dbus_monitor.hpp
+++ b/include/dbus_monitor.hpp
@@ -114,8 +114,7 @@ inline int onPropertyUpdate(sd_bus_message* m, void* userdata,
     return 0;
 }
 
-template <typename... Middlewares>
-void requestRoutes(Crow<Middlewares...>& app)
+void requestRoutes(App& app)
 {
     BMCWEB_ROUTE(app, "/subscribe")
         .requires({"Login"})
diff --git a/include/ibm/management_console_rest.hpp b/include/ibm/management_console_rest.hpp
index 74cddc6f93..7cb744e4b7 100644
--- a/include/ibm/management_console_rest.hpp
+++ b/include/ibm/management_console_rest.hpp
@@ -574,8 +574,7 @@ void handleGetLockListAPI(const crow::Request& req, crow::Response& res,
     res.end();
 }
 
-template <typename... Middlewares>
-void requestRoutes(Crow<Middlewares...>& app)
+void requestRoutes(App& app)
 {
 
     // allowed only for admin
diff --git a/include/image_upload.hpp b/include/image_upload.hpp
index c1ec682778..af7aeac904 100644
--- a/include/image_upload.hpp
+++ b/include/image_upload.hpp
@@ -109,8 +109,7 @@ inline void uploadImageHandler(const crow::Request& req, crow::Response& res,
     timeout.async_wait(timeoutHandler);
 }
 
-template <typename... Middlewares>
-void requestRoutes(Crow<Middlewares...>& app)
+void requestRoutes(App& app)
 {
     BMCWEB_ROUTE(app, "/upload/image/<str>")
         .requires({"ConfigureComponents", "ConfigureManager"})
diff --git a/include/kvm_websocket.hpp b/include/kvm_websocket.hpp
index 6db06fce0c..4b56f23d67 100644
--- a/include/kvm_websocket.hpp
+++ b/include/kvm_websocket.hpp
@@ -5,7 +5,6 @@
 
 #include <async_resp.hpp>
 #include <boost/container/flat_map.hpp>
-#include <webserver_common.hpp>
 
 namespace crow
 {
@@ -155,7 +154,7 @@ static boost::container::flat_map<crow::websocket::Connection*,
                                   std::unique_ptr<KvmSession>>
     sessions;
 
-inline void requestRoutes(CrowApp& app)
+inline void requestRoutes(App& app)
 {
     sessions.reserve(maxSessions);
 
diff --git a/include/login_routes.hpp b/include/login_routes.hpp
index 91acda771e..bd335e356f 100644
--- a/include/login_routes.hpp
+++ b/include/login_routes.hpp
@@ -7,7 +7,6 @@
 
 #include <boost/container/flat_set.hpp>
 #include <pam_authenticate.hpp>
-#include <persistent_data_middleware.hpp>
 #include <webassets.hpp>
 
 #include <random>
@@ -18,15 +17,8 @@ namespace crow
 namespace login_routes
 {
 
-template <typename... Middlewares>
-void requestRoutes(Crow<Middlewares...>& app)
+void requestRoutes(App& app)
 {
-    static_assert(
-        black_magic::Contains<persistent_data::Middleware,
-                              Middlewares...>::value,
-        "token_authorization middleware must be enabled in app to use "
-        "auth routes");
-
     BMCWEB_ROUTE(app, "/login")
         .methods(boost::beast::http::verb::post)([](const crow::Request& req,
                                                     crow::Response& res) {
@@ -149,7 +141,7 @@ void requestRoutes(Crow<Middlewares...>& app)
                         persistent_data::SessionStore::getInstance()
                             .generateUserSession(
                                 username,
-                                crow::persistent_data::PersistenceType::TIMEOUT,
+                                persistent_data::PersistenceType::TIMEOUT,
                                 isConfigureSelfOnly);
 
                     if (looksLikePhosphorRest)
diff --git a/include/nbd_proxy.hpp b/include/nbd_proxy.hpp
index 212c1db370..462e4a7503 100644
--- a/include/nbd_proxy.hpp
+++ b/include/nbd_proxy.hpp
@@ -23,7 +23,6 @@
 #include <boost/container/flat_map.hpp>
 #include <dbus_utility.hpp>
 #include <privileges.hpp>
-#include <webserver_common.hpp>
 
 #include <variant>
 
@@ -248,7 +247,7 @@ static boost::container::flat_map<crow::websocket::Connection*,
                                   std::shared_ptr<NbdProxyServer>>
     sessions;
 
-void requestRoutes(CrowApp& app)
+void requestRoutes(App& app)
 {
     BMCWEB_ROUTE(app, "/nbd/<str>")
         .websocket()
diff --git a/include/obmc_console.hpp b/include/obmc_console.hpp
index 9e5e058b85..af02dde4cf 100644
--- a/include/obmc_console.hpp
+++ b/include/obmc_console.hpp
@@ -6,7 +6,6 @@
 #include <async_resp.hpp>
 #include <boost/container/flat_map.hpp>
 #include <boost/container/flat_set.hpp>
-#include <webserver_common.hpp>
 
 namespace crow
 {
@@ -102,7 +101,7 @@ void connectHandler(const boost::system::error_code& ec)
     doRead();
 }
 
-void requestRoutes(CrowApp& app)
+void requestRoutes(App& app)
 {
     BMCWEB_ROUTE(app, "/console0")
         .requires({"ConfigureComponents", "ConfigureManager"})
diff --git a/include/openbmc_dbus_rest.hpp b/include/openbmc_dbus_rest.hpp
index c41a568217..26904d9aba 100644
--- a/include/openbmc_dbus_rest.hpp
+++ b/include/openbmc_dbus_rest.hpp
@@ -2072,8 +2072,7 @@ inline void handleDBusUrl(const crow::Request& req, crow::Response& res,
     res.end();
 }
 
-template <typename... Middlewares>
-void requestRoutes(Crow<Middlewares...>& app)
+void requestRoutes(App& app)
 {
     BMCWEB_ROUTE(app, "/bus/")
         .requires({"Login"})
diff --git a/include/persistent_data_middleware.hpp b/include/persistent_data.hpp
index 819d69d89f..5d4661c503 100644
--- a/include/persistent_data_middleware.hpp
+++ b/include/persistent_data.hpp
@@ -16,15 +16,10 @@
 #include <fstream>
 #include <random>
 
-namespace crow
-{
-
 namespace persistent_data
 {
 
-namespace fs = std::filesystem;
-
-class Middleware
+class ConfigFile
 {
     uint64_t jsonRevision = 1;
 
@@ -32,15 +27,12 @@ class Middleware
     // todo(ed) should read this from a fixed location somewhere, not CWD
     static constexpr const char* filename = "bmcweb_persistent_data.json";
 
-    struct Context
-    {};
-
-    Middleware()
+    ConfigFile()
     {
         readData();
     }
 
-    ~Middleware()
+    ~ConfigFile()
     {
         if (persistent_data::SessionStore::getInstance().needsWrite())
         {
@@ -48,12 +40,6 @@ class Middleware
         }
     }
 
-    void beforeHandle(crow::Request& req, Response& res, Context& ctx)
-    {}
-
-    void afterHandle(Request& req, Response& res, Context& ctx)
-    {}
-
     // TODO(ed) this should really use protobuf, or some other serialization
     // library, but adding another dependency is somewhat outside the scope of
     // this application for the moment
@@ -161,9 +147,11 @@ class Middleware
         std::ofstream persistentFile(filename);
 
         // set the permission of the file to 640
-        fs::perms permission = fs::perms::owner_read | fs::perms::owner_write |
-                               fs::perms::group_read;
-        fs::permissions(filename, permission);
+        std::filesystem::perms permission =
+            std::filesystem::perms::owner_read |
+            std::filesystem::perms::owner_write |
+            std::filesystem::perms::group_read;
+        std::filesystem::permissions(filename, permission);
 
         nlohmann::json data{
             {"sessions", SessionStore::getInstance().authTokens},
@@ -176,5 +164,10 @@ class Middleware
     std::string systemUuid{""};
 };
 
+inline ConfigFile& getConfig()
+{
+    static ConfigFile f;
+    return f;
+}
+
 } // namespace persistent_data
-} // namespace crow
diff --git a/include/redfish_v1.hpp b/include/redfish_v1.hpp
index dfdb900b02..429fb084bd 100644
--- a/include/redfish_v1.hpp
+++ b/include/redfish_v1.hpp
@@ -2,19 +2,11 @@
 
 #include <app.h>
 
-#include <boost/algorithm/string.hpp>
-#include <dbus_singleton.hpp>
-#include <persistent_data_middleware.hpp>
-
-#include <fstream>
-#include <streambuf>
-#include <string>
 namespace crow
 {
 namespace redfish
 {
-template <typename... Middlewares>
-void requestRoutes(Crow<Middlewares...>& app)
+void requestRoutes(App& app)
 {
     BMCWEB_ROUTE(app, "/redfish/")
         .methods(boost::beast::http::verb::get)(
diff --git a/include/security_headers.hpp b/include/security_headers.hpp
new file mode 100644
index 0000000000..cf845c1b5e
--- /dev/null
+++ b/include/security_headers.hpp
@@ -0,0 +1,61 @@
+#pragma once
+
+#include <http_response.h>
+
+inline void addSecurityHeaders(crow::Response& res)
+{
+    /*
+     TODO(ed) these should really check content types.  for example,
+     X-UA-Compatible header doesn't make sense when retrieving a JSON or
+     javascript file.  It doesn't hurt anything, it's just ugly.
+     */
+    using bf = boost::beast::http::field;
+    res.addHeader(bf::strict_transport_security, "max-age=31536000; "
+                                                 "includeSubdomains; "
+                                                 "preload");
+    res.addHeader(bf::x_frame_options, "DENY");
+
+    res.addHeader(bf::pragma, "no-cache");
+    res.addHeader(bf::cache_control, "no-Store,no-Cache");
+
+    res.addHeader("X-XSS-Protection", "1; "
+                                      "mode=block");
+    res.addHeader("X-Content-Type-Options", "nosniff");
+
+#ifndef BMCWEB_INSECURE_DISABLE_XSS_PREVENTION
+    res.addHeader("Content-Security-Policy", "default-src 'none'; "
+                                             "img-src 'self' data:; "
+                                             "font-src 'self'; "
+                                             "style-src 'self'; "
+                                             "script-src 'self'; "
+                                             "connect-src 'self' wss:");
+    // The KVM currently needs to load images from base64 encoded
+    // strings. img-src 'self' data: is used to allow that.
+    // https://stackoverflow.com/questions/18447970/content-security-policy-data-not-working-for-base64-images-in-chrome-28
+
+#else
+    // If XSS is disabled, we need to allow loading from addresses other
+    // than self, as the BMC will be hosted elsewhere.
+    res.addHeader("Content-Security-Policy", "default-src 'none'; "
+                                             "img-src *; "
+                                             "font-src *; "
+                                             "style-src *; "
+                                             "script-src *; "
+                                             "connect-src *");
+
+    const std::string_view origin = req.getHeaderValue("Origin");
+    res.addHeader(bf::access_control_allow_origin, origin);
+    res.addHeader(bf::access_control_allow_methods, "GET, "
+                                                    "POST, "
+                                                    "PUT, "
+                                                    "PATCH, "
+                                                    "DELETE");
+    res.addHeader(bf::access_control_allow_credentials, "true");
+    res.addHeader(bf::access_control_allow_headers, "Origin, "
+                                                    "Content-Type, "
+                                                    "Accept, "
+                                                    "Cookie, "
+                                                    "X-XSRF-TOKEN");
+
+#endif
+}
diff --git a/include/security_headers_middleware.hpp b/include/security_headers_middleware.hpp
deleted file mode 100644
index d3c33356c7..0000000000
--- a/include/security_headers_middleware.hpp
+++ /dev/null
@@ -1,81 +0,0 @@
-#pragma once
-
-#include <http_request.h>
-#include <http_response.h>
-
-namespace crow
-{
-struct SecurityHeadersMiddleware
-{
-    struct Context
-    {};
-
-    void beforeHandle(crow::Request& req, Response& res, Context& ctx)
-    {
-#ifdef BMCWEB_INSECURE_DISABLE_XSS_PREVENTION
-        if (boost::beast::http::verb::options == req.method())
-        {
-            res.end();
-        }
-#endif
-    }
-
-    void afterHandle(Request& req, Response& res, Context& ctx)
-    {
-        /*
-         TODO(ed) these should really check content types.  for example,
-         X-UA-Compatible header doesn't make sense when retrieving a JSON or
-         javascript file.  It doesn't hurt anything, it's just ugly.
-         */
-        using bf = boost::beast::http::field;
-        res.addHeader(bf::strict_transport_security, "max-age=31536000; "
-                                                     "includeSubdomains; "
-                                                     "preload");
-        res.addHeader(bf::x_frame_options, "DENY");
-
-        res.addHeader(bf::pragma, "no-cache");
-        res.addHeader(bf::cache_control, "no-Store,no-Cache");
-
-        res.addHeader("X-XSS-Protection", "1; "
-                                          "mode=block");
-        res.addHeader("X-Content-Type-Options", "nosniff");
-
-#ifndef BMCWEB_INSECURE_DISABLE_XSS_PREVENTION
-        res.addHeader("Content-Security-Policy", "default-src 'none'; "
-                                                 "img-src 'self' data:; "
-                                                 "font-src 'self'; "
-                                                 "style-src 'self'; "
-                                                 "script-src 'self'; "
-                                                 "connect-src 'self' wss:");
-        // The KVM currently needs to load images from base64 encoded
-        // strings. img-src 'self' data: is used to allow that.
-        // https://stackoverflow.com/questions/18447970/content-security-policy-data-not-working-for-base64-images-in-chrome-28
-
-#else
-        // If XSS is disabled, we need to allow loading from addresses other
-        // than self, as the BMC will be hosted elsewhere.
-        res.addHeader("Content-Security-Policy", "default-src 'none'; "
-                                                 "img-src *; "
-                                                 "font-src *; "
-                                                 "style-src *; "
-                                                 "script-src *; "
-                                                 "connect-src *");
-
-        const std::string_view origin = req.getHeaderValue("Origin");
-        res.addHeader(bf::access_control_allow_origin, origin);
-        res.addHeader(bf::access_control_allow_methods, "GET, "
-                                                        "POST, "
-                                                        "PUT, "
-                                                        "PATCH, "
-                                                        "DELETE");
-        res.addHeader(bf::access_control_allow_credentials, "true");
-        res.addHeader(bf::access_control_allow_headers, "Origin, "
-                                                        "Content-Type, "
-                                                        "Accept, "
-                                                        "Cookie, "
-                                                        "X-XSRF-TOKEN");
-
-#endif
-    }
-};
-} // namespace crow
diff --git a/include/sessions.hpp b/include/sessions.hpp
index 217ce95e73..3a787fc129 100644
--- a/include/sessions.hpp
+++ b/include/sessions.hpp
@@ -20,9 +20,6 @@
 #include <ibm/locks.hpp>
 #endif
 
-namespace crow
-{
-
 namespace persistent_data
 {
 
@@ -364,10 +361,6 @@ class SessionStore
         return std::chrono::seconds(timeoutInMinutes).count();
     };
 
-    // Persistent data middleware needs to be able to serialize our authTokens
-    // structure, which is private
-    friend Middleware;
-
     static SessionStore& getInstance()
     {
         static SessionStore sessionStore;
@@ -377,6 +370,16 @@ class SessionStore
     SessionStore(const SessionStore&) = delete;
     SessionStore& operator=(const SessionStore&) = delete;
 
+    std::unordered_map<std::string, std::shared_ptr<UserSession>,
+                       std::hash<std::string>,
+                       crow::utility::ConstantTimeCompare>
+        authTokens;
+
+    std::chrono::time_point<std::chrono::steady_clock> lastTimeoutUpdate;
+    bool needWrite{false};
+    std::chrono::minutes timeoutInMinutes;
+    AuthConfigMethods authMethodsConfig;
+
   private:
     SessionStore() : timeoutInMinutes(60)
     {}
@@ -408,32 +411,20 @@ class SessionStore
             }
         }
     }
-
-    std::chrono::time_point<std::chrono::steady_clock> lastTimeoutUpdate;
-    std::unordered_map<std::string, std::shared_ptr<UserSession>,
-                       std::hash<std::string>,
-                       crow::utility::ConstantTimeCompare>
-        authTokens;
-    bool needWrite{false};
-    std::chrono::minutes timeoutInMinutes;
-    AuthConfigMethods authMethodsConfig;
 };
 
 } // namespace persistent_data
-} // namespace crow
 
 // to_json(...) definition for objects of UserSession type
 namespace nlohmann
 {
 template <>
-struct adl_serializer<std::shared_ptr<crow::persistent_data::UserSession>>
+struct adl_serializer<std::shared_ptr<persistent_data::UserSession>>
 {
-    static void
-        to_json(nlohmann::json& j,
-                const std::shared_ptr<crow::persistent_data::UserSession>& p)
+    static void to_json(nlohmann::json& j,
+                        const std::shared_ptr<persistent_data::UserSession>& p)
     {
-        if (p->persistence !=
-            crow::persistent_data::PersistenceType::SINGLE_REQUEST)
+        if (p->persistence != persistent_data::PersistenceType::SINGLE_REQUEST)
         {
 #ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE
             j = nlohmann::json{
@@ -452,10 +443,10 @@ struct adl_serializer<std::shared_ptr<crow::persistent_data::UserSession>>
 };
 
 template <>
-struct adl_serializer<crow::persistent_data::AuthConfigMethods>
+struct adl_serializer<persistent_data::AuthConfigMethods>
 {
     static void to_json(nlohmann::json& j,
-                        const crow::persistent_data::AuthConfigMethods& c)
+                        const persistent_data::AuthConfigMethods& c)
     {
         j = nlohmann::json{{"XToken", c.xtoken},
                            {"Cookie", c.cookie},
diff --git a/include/vm_websocket.hpp b/include/vm_websocket.hpp
index dc352e25d4..33fadd0dee 100644
--- a/include/vm_websocket.hpp
+++ b/include/vm_websocket.hpp
@@ -5,7 +5,6 @@
 
 #include <boost/beast/core/flat_static_buffer.hpp>
 #include <boost/process.hpp>
-#include <webserver_common.hpp>
 
 #include <csignal>
 
@@ -155,8 +154,7 @@ class Handler : public std::enable_shared_from_this<Handler>
 
 static std::shared_ptr<Handler> handler;
 
-template <typename... Middlewares>
-void requestRoutes(Crow<Middlewares...>& app)
+void requestRoutes(App& app)
 {
     BMCWEB_ROUTE(app, "/vm/0/0")
         .requires({"ConfigureComponents", "ConfigureManager"})
diff --git a/include/webassets.hpp b/include/webassets.hpp
index bb9ab7f9e6..54d3c9814f 100644
--- a/include/webassets.hpp
+++ b/include/webassets.hpp
@@ -27,8 +27,7 @@ struct CmpStr
     }
 };
 
-template <typename... Middlewares>
-void requestRoutes(Crow<Middlewares...>& app)
+void requestRoutes(App& app)
 {
     const static boost::container::flat_map<const char*, const char*, CmpStr>
         contentTypes{
diff --git a/include/webserver_common.hpp b/include/webserver_common.hpp
deleted file mode 100644
index d8876d473b..0000000000
--- a/include/webserver_common.hpp
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
-// Copyright (c) 2018 Intel Corporation
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-*/
-#pragma once
-
-#include "persistent_data_middleware.hpp"
-#include "security_headers_middleware.hpp"
-
-using CrowApp = crow::App<crow::SecurityHeadersMiddleware,
-                          crow::persistent_data::Middleware>;
diff --git a/redfish-core/include/node.hpp b/redfish-core/include/node.hpp
index d13f097850..be098ca8be 100644
--- a/redfish-core/include/node.hpp
+++ b/redfish-core/include/node.hpp
@@ -19,7 +19,6 @@
 #include "http_response.h"
 
 #include "privileges.hpp"
-#include "webserver_common.hpp"
 
 #include <error_messages.hpp>
 
@@ -54,7 +53,7 @@ class Node
 {
   public:
     template <typename... Params>
-    Node(CrowApp& app, std::string&& entityUrl, Params... paramsIn)
+    Node(App& app, std::string&& entityUrl, Params... paramsIn)
     {
         crow::DynamicRule& get = app.routeDynamic(entityUrl.c_str());
         getRule = &get;
diff --git a/redfish-core/include/redfish.hpp b/redfish-core/include/redfish.hpp
index bdec359a24..18a0353e49 100644
--- a/redfish-core/include/redfish.hpp
+++ b/redfish-core/include/redfish.hpp
@@ -41,7 +41,6 @@
 #include "../lib/virtual_media.hpp"
 #endif // BMCWEB_ENABLE_VM_NBDPROXY
 #include "../lib/hypervisor_ethernet.hpp"
-#include "webserver_common.hpp"
 
 namespace redfish
 {
@@ -58,7 +57,7 @@ class RedfishService
      *
      * @param[in] app   Crow app on which Redfish will initialize
      */
-    RedfishService(CrowApp& app)
+    RedfishService(App& app)
     {
         nodes.emplace_back(std::make_unique<AccountService>(app));
         nodes.emplace_back(std::make_unique<AccountsCollection>(app));
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index 8ef14349ff..052214985d 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -19,6 +19,7 @@
 #include <dbus_utility.hpp>
 #include <error_messages.hpp>
 #include <openbmc_dbus_rest.hpp>
+#include <persistent_data.hpp>
 #include <utils/json_utils.hpp>
 
 #include <variant>
@@ -556,7 +557,7 @@ inline void getLDAPConfigData(const std::string& ldapType,
 class AccountService : public Node
 {
   public:
-    AccountService(CrowApp& app) :
+    AccountService(App& app) :
         Node(app, "/redfish/v1/AccountService/"), app(app)
     {
         entityPrivileges = {
@@ -909,9 +910,8 @@ class AccountService : public Node
         }
 
         // Make a copy of methods configuration
-        crow::persistent_data::AuthConfigMethods authMethodsConfig =
-            crow::persistent_data::SessionStore::getInstance()
-                .getAuthMethodsConfig();
+        persistent_data::AuthConfigMethods authMethodsConfig =
+            persistent_data::SessionStore::getInstance().getAuthMethodsConfig();
 
         if (basicAuth)
         {
@@ -948,11 +948,10 @@ class AccountService : public Node
             return;
         }
 
-        crow::persistent_data::SessionStore::getInstance()
-            .updateAuthMethodsConfig(authMethodsConfig);
+        persistent_data::SessionStore::getInstance().updateAuthMethodsConfig(
+            authMethodsConfig);
         // Save configuration immediately
-        app.template getMiddleware<crow::persistent_data::Middleware>()
-            .writeData();
+        persistent_data::getConfig().writeData();
 
         messages::success(asyncResp->res);
     }
@@ -1126,9 +1125,8 @@ class AccountService : public Node
     void doGet(crow::Response& res, const crow::Request& req,
                const std::vector<std::string>& params) override
     {
-        const crow::persistent_data::AuthConfigMethods& authMethodsConfig =
-            crow::persistent_data::SessionStore::getInstance()
-                .getAuthMethodsConfig();
+        const persistent_data::AuthConfigMethods& authMethodsConfig =
+            persistent_data::SessionStore::getInstance().getAuthMethodsConfig();
 
         auto asyncResp = std::make_shared<AsyncResp>(res);
         res.jsonValue = {
@@ -1315,13 +1313,13 @@ class AccountService : public Node
         }
     }
 
-    CrowApp& app;
+    App& app;
 };
 
 class AccountsCollection : public Node
 {
   public:
-    AccountsCollection(CrowApp& app) :
+    AccountsCollection(App& app) :
         Node(app, "/redfish/v1/AccountService/Accounts/")
     {
         entityPrivileges = {
@@ -1510,7 +1508,7 @@ class AccountsCollection : public Node
 class ManagerAccount : public Node
 {
   public:
-    ManagerAccount(CrowApp& app) :
+    ManagerAccount(App& app) :
         Node(app, "/redfish/v1/AccountService/Accounts/<str>/", std::string())
     {
         entityPrivileges = {
diff --git a/redfish-core/lib/bios.hpp b/redfish-core/lib/bios.hpp
index 0a0effa565..b997ad484b 100644
--- a/redfish-core/lib/bios.hpp
+++ b/redfish-core/lib/bios.hpp
@@ -11,7 +11,7 @@ namespace redfish
 class BiosService : public Node
 {
   public:
-    BiosService(CrowApp& app) : Node(app, "/redfish/v1/Systems/system/Bios/")
+    BiosService(App& app) : Node(app, "/redfish/v1/Systems/system/Bios/")
     {
         entityPrivileges = {{boost::beast::http::verb::get, {{"Login"}}}};
     }
@@ -43,7 +43,7 @@ class BiosService : public Node
 class BiosReset : public Node
 {
   public:
-    BiosReset(CrowApp& app) :
+    BiosReset(App& app) :
         Node(app, "/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios/")
     {
         entityPrivileges = {
diff --git a/redfish-core/lib/certificate_service.hpp b/redfish-core/lib/certificate_service.hpp
index 7a94935546..6ade4e5e3a 100644
--- a/redfish-core/lib/certificate_service.hpp
+++ b/redfish-core/lib/certificate_service.hpp
@@ -52,8 +52,7 @@ constexpr char const* authorityObjectPath =
 class CertificateService : public Node
 {
   public:
-    CertificateService(CrowApp& app) :
-        Node(app, "/redfish/v1/CertificateService/")
+    CertificateService(App& app) : Node(app, "/redfish/v1/CertificateService/")
     {
         // TODO: Issue#61 No entries are available for Certificate
         // service at https://www.dmtf.org/standards/redfish
@@ -249,7 +248,7 @@ static void getCSR(const std::shared_ptr<AsyncResp>& asyncResp,
 class CertificateActionGenerateCSR : public Node
 {
   public:
-    CertificateActionGenerateCSR(CrowApp& app) :
+    CertificateActionGenerateCSR(App& app) :
         Node(app, "/redfish/v1/CertificateService/Actions/"
                   "CertificateService.GenerateCSR/")
     {
@@ -687,7 +686,7 @@ using GetObjectType =
 class CertificateActionsReplaceCertificate : public Node
 {
   public:
-    CertificateActionsReplaceCertificate(CrowApp& app) :
+    CertificateActionsReplaceCertificate(App& app) :
         Node(app, "/redfish/v1/CertificateService/Actions/"
                   "CertificateService.ReplaceCertificate/")
     {
@@ -812,8 +811,7 @@ class CertificateActionsReplaceCertificate : public Node
 class HTTPSCertificate : public Node
 {
   public:
-    template <typename CrowApp>
-    HTTPSCertificate(CrowApp& app) :
+    HTTPSCertificate(App& app) :
         Node(app,
              "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/"
              "<str>/",
@@ -858,8 +856,7 @@ class HTTPSCertificate : public Node
 class HTTPSCertificateCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    HTTPSCertificateCollection(CrowApp& app) :
+    HTTPSCertificateCollection(App& app) :
         Node(app,
              "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/")
     {
@@ -970,8 +967,7 @@ class HTTPSCertificateCollection : public Node
 class CertificateLocations : public Node
 {
   public:
-    template <typename CrowApp>
-    CertificateLocations(CrowApp& app) :
+    CertificateLocations(App& app) :
         Node(app, "/redfish/v1/CertificateService/CertificateLocations/")
     {
         entityPrivileges = {
@@ -1061,8 +1057,7 @@ class CertificateLocations : public Node
 class LDAPCertificateCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    LDAPCertificateCollection(CrowApp& app) :
+    LDAPCertificateCollection(App& app) :
         Node(app, "/redfish/v1/AccountService/LDAP/Certificates/")
     {
         entityPrivileges = {
@@ -1165,8 +1160,7 @@ class LDAPCertificateCollection : public Node
 class LDAPCertificate : public Node
 {
   public:
-    template <typename CrowApp>
-    LDAPCertificate(CrowApp& app) :
+    LDAPCertificate(App& app) :
         Node(app, "/redfish/v1/AccountService/LDAP/Certificates/<str>/",
              std::string())
     {
@@ -1206,8 +1200,7 @@ class LDAPCertificate : public Node
 class TrustStoreCertificateCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    TrustStoreCertificateCollection(CrowApp& app) :
+    TrustStoreCertificateCollection(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/Truststore/Certificates/")
     {
         entityPrivileges = {
@@ -1311,8 +1304,7 @@ class TrustStoreCertificateCollection : public Node
 class TrustStoreCertificate : public Node
 {
   public:
-    template <typename CrowApp>
-    TrustStoreCertificate(CrowApp& app) :
+    TrustStoreCertificate(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/Truststore/Certificates/<str>/",
              std::string())
     {
diff --git a/redfish-core/lib/chassis.hpp b/redfish-core/lib/chassis.hpp
index 7a7748ac6d..ce0a8c1269 100644
--- a/redfish-core/lib/chassis.hpp
+++ b/redfish-core/lib/chassis.hpp
@@ -160,7 +160,7 @@ void getPhysicalSecurityData(std::shared_ptr<AsyncResp> aResp)
 class ChassisCollection : public Node
 {
   public:
-    ChassisCollection(CrowApp& app) : Node(app, "/redfish/v1/Chassis/")
+    ChassisCollection(App& app) : Node(app, "/redfish/v1/Chassis/")
     {
         entityPrivileges = {
             {boost::beast::http::verb::get, {{"Login"}}},
@@ -227,8 +227,7 @@ class ChassisCollection : public Node
 class Chassis : public Node
 {
   public:
-    Chassis(CrowApp& app) :
-        Node(app, "/redfish/v1/Chassis/<str>/", std::string())
+    Chassis(App& app) : Node(app, "/redfish/v1/Chassis/<str>/", std::string())
     {
         entityPrivileges = {
             {boost::beast::http::verb::get, {{"Login"}}},
@@ -556,7 +555,7 @@ void doChassisPowerCycle(std::shared_ptr<AsyncResp> asyncResp)
 class ChassisResetAction : public Node
 {
   public:
-    ChassisResetAction(CrowApp& app) :
+    ChassisResetAction(App& app) :
         Node(app, "/redfish/v1/Chassis/<str>/Actions/Chassis.Reset/",
              std::string())
     {
@@ -605,7 +604,7 @@ class ChassisResetActionInfo : public Node
     /*
      * Default Constructor
      */
-    ChassisResetActionInfo(CrowApp& app) :
+    ChassisResetActionInfo(App& app) :
         Node(app, "/redfish/v1/Chassis/<str>/ResetActionInfo/", std::string())
     {
         entityPrivileges = {
diff --git a/redfish-core/lib/cpudimm.hpp b/redfish-core/lib/cpudimm.hpp
index 0ea5e87dfa..0510f2b611 100644
--- a/redfish-core/lib/cpudimm.hpp
+++ b/redfish-core/lib/cpudimm.hpp
@@ -1028,7 +1028,7 @@ class ProcessorCollection : public Node
     /*
      * Default Constructor
      */
-    ProcessorCollection(CrowApp& app) :
+    ProcessorCollection(App& app) :
         Node(app, "/redfish/v1/Systems/system/Processors/")
     {
         entityPrivileges = {
@@ -1066,7 +1066,7 @@ class Processor : public Node
     /*
      * Default Constructor
      */
-    Processor(CrowApp& app) :
+    Processor(App& app) :
         Node(app, "/redfish/v1/Systems/system/Processors/<str>/", std::string())
     {
         entityPrivileges = {
@@ -1114,8 +1114,7 @@ class MemoryCollection : public Node
     /*
      * Default Constructor
      */
-    MemoryCollection(CrowApp& app) :
-        Node(app, "/redfish/v1/Systems/system/Memory/")
+    MemoryCollection(App& app) : Node(app, "/redfish/v1/Systems/system/Memory/")
     {
         entityPrivileges = {
             {boost::beast::http::verb::get, {{"Login"}}},
@@ -1149,7 +1148,7 @@ class Memory : public Node
     /*
      * Default Constructor
      */
-    Memory(CrowApp& app) :
+    Memory(App& app) :
         Node(app, "/redfish/v1/Systems/system/Memory/<str>/", std::string())
     {
         entityPrivileges = {
diff --git a/redfish-core/lib/ethernet.hpp b/redfish-core/lib/ethernet.hpp
index 21443f416a..a47d4b1052 100644
--- a/redfish-core/lib/ethernet.hpp
+++ b/redfish-core/lib/ethernet.hpp
@@ -1003,8 +1003,7 @@ void getEthernetIfaceList(CallbackFunc&& callback)
 class EthernetCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    EthernetCollection(CrowApp& app) :
+    EthernetCollection(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/EthernetInterfaces/")
     {
         entityPrivileges = {
@@ -1076,8 +1075,7 @@ class EthernetInterface : public Node
     /*
      * Default Constructor
      */
-    template <typename CrowApp>
-    EthernetInterface(CrowApp& app) :
+    EthernetInterface(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/EthernetInterfaces/<str>/",
              std::string())
     {
@@ -2066,8 +2064,7 @@ class VlanNetworkInterface : public Node
     /*
      * Default Constructor
      */
-    template <typename CrowApp>
-    VlanNetworkInterface(CrowApp& app) :
+    VlanNetworkInterface(App& app) :
         Node(app,
              "/redfish/v1/Managers/bmc/EthernetInterfaces/<str>/VLANs/<str>/",
              std::string(), std::string())
@@ -2309,8 +2306,7 @@ class VlanNetworkInterface : public Node
 class VlanNetworkInterfaceCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    VlanNetworkInterfaceCollection(CrowApp& app) :
+    VlanNetworkInterfaceCollection(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/EthernetInterfaces/<str>/VLANs/",
              std::string())
     {
diff --git a/redfish-core/lib/event_service.hpp b/redfish-core/lib/event_service.hpp
index b532815e4d..26cd80a665 100644
--- a/redfish-core/lib/event_service.hpp
+++ b/redfish-core/lib/event_service.hpp
@@ -39,7 +39,7 @@ static constexpr const uint8_t maxNoOfSubscriptions = 20;
 class EventService : public Node
 {
   public:
-    EventService(CrowApp& app) : Node(app, "/redfish/v1/EventService/")
+    EventService(App& app) : Node(app, "/redfish/v1/EventService/")
     {
         entityPrivileges = {
             {boost::beast::http::verb::get, {{"Login"}}},
@@ -153,7 +153,7 @@ class EventService : public Node
 class SubmitTestEvent : public Node
 {
   public:
-    SubmitTestEvent(CrowApp& app) :
+    SubmitTestEvent(App& app) :
         Node(app,
              "/redfish/v1/EventService/Actions/EventService.SubmitTestEvent/")
     {
@@ -179,7 +179,7 @@ class SubmitTestEvent : public Node
 class EventDestinationCollection : public Node
 {
   public:
-    EventDestinationCollection(CrowApp& app) :
+    EventDestinationCollection(App& app) :
         Node(app, "/redfish/v1/EventService/Subscriptions/")
     {
         entityPrivileges = {
@@ -450,7 +450,7 @@ class EventDestinationCollection : public Node
 class EventServiceSSE : public Node
 {
   public:
-    EventServiceSSE(CrowApp& app) :
+    EventServiceSSE(App& app) :
         Node(app, "/redfish/v1/EventService/Subscriptions/SSE/")
     {
         entityPrivileges = {
@@ -555,7 +555,7 @@ class EventServiceSSE : public Node
 class EventDestination : public Node
 {
   public:
-    EventDestination(CrowApp& app) :
+    EventDestination(App& app) :
         Node(app, "/redfish/v1/EventService/Subscriptions/<str>/",
              std::string())
     {
diff --git a/redfish-core/lib/hypervisor_ethernet.hpp b/redfish-core/lib/hypervisor_ethernet.hpp
index bcd5afec6c..f0955b21c0 100644
--- a/redfish-core/lib/hypervisor_ethernet.hpp
+++ b/redfish-core/lib/hypervisor_ethernet.hpp
@@ -22,8 +22,7 @@ class HypervisorSystem : public Node
     /*
      * Default Constructor
      */
-    HypervisorSystem(CrowApp& app) :
-        Node(app, "/redfish/v1/Systems/hypervisor/")
+    HypervisorSystem(App& app) : Node(app, "/redfish/v1/Systems/hypervisor/")
     {
         entityPrivileges = {
             {boost::beast::http::verb::get, {{"Login"}}},
@@ -78,8 +77,7 @@ class HypervisorSystem : public Node
 class HypervisorInterfaceCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    HypervisorInterfaceCollection(CrowApp& app) :
+    HypervisorInterfaceCollection(App& app) :
         Node(app, "/redfish/v1/Systems/hypervisor/EthernetInterfaces/")
     {
         entityPrivileges = {
@@ -473,8 +471,7 @@ class HypervisorInterface : public Node
     /*
      * Default Constructor
      */
-    template <typename CrowApp>
-    HypervisorInterface(CrowApp& app) :
+    HypervisorInterface(App& app) :
         Node(app, "/redfish/v1/Systems/hypervisor/EthernetInterfaces/<str>/",
              std::string())
     {
diff --git a/redfish-core/lib/log_services.hpp b/redfish-core/lib/log_services.hpp
index aed37b0668..a884290ff0 100644
--- a/redfish-core/lib/log_services.hpp
+++ b/redfish-core/lib/log_services.hpp
@@ -930,8 +930,7 @@ constexpr char const* postCodeIface = "xyz.openbmc_project.State.Boot.PostCode";
 class SystemLogServiceCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    SystemLogServiceCollection(CrowApp& app) :
+    SystemLogServiceCollection(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/")
     {
         entityPrivileges = {
@@ -1011,8 +1010,7 @@ class SystemLogServiceCollection : public Node
 class EventLogService : public Node
 {
   public:
-    template <typename CrowApp>
-    EventLogService(CrowApp& app) :
+    EventLogService(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/EventLog/")
     {
         entityPrivileges = {
@@ -1051,7 +1049,7 @@ class EventLogService : public Node
 class JournalEventLogClear : public Node
 {
   public:
-    JournalEventLogClear(CrowApp& app) :
+    JournalEventLogClear(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/EventLog/Actions/"
                   "LogService.ClearLog/")
     {
@@ -1199,8 +1197,7 @@ static int fillEventLogEntryJson(const std::string& logEntryID,
 class JournalEventLogEntryCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    JournalEventLogEntryCollection(CrowApp& app) :
+    JournalEventLogEntryCollection(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/EventLog/Entries/")
     {
         entityPrivileges = {
@@ -1301,7 +1298,7 @@ class JournalEventLogEntryCollection : public Node
 class JournalEventLogEntry : public Node
 {
   public:
-    JournalEventLogEntry(CrowApp& app) :
+    JournalEventLogEntry(App& app) :
         Node(app,
              "/redfish/v1/Systems/system/LogServices/EventLog/Entries/<str>/",
              std::string())
@@ -1378,8 +1375,7 @@ class JournalEventLogEntry : public Node
 class DBusEventLogEntryCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    DBusEventLogEntryCollection(CrowApp& app) :
+    DBusEventLogEntryCollection(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/EventLog/Entries/")
     {
         entityPrivileges = {
@@ -1519,7 +1515,7 @@ class DBusEventLogEntryCollection : public Node
 class DBusEventLogEntry : public Node
 {
   public:
-    DBusEventLogEntry(CrowApp& app) :
+    DBusEventLogEntry(App& app) :
         Node(app,
              "/redfish/v1/Systems/system/LogServices/EventLog/Entries/<str>/",
              std::string())
@@ -1675,8 +1671,7 @@ class DBusEventLogEntry : public Node
 class BMCLogServiceCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    BMCLogServiceCollection(CrowApp& app) :
+    BMCLogServiceCollection(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/LogServices/")
     {
         entityPrivileges = {
@@ -1723,8 +1718,7 @@ class BMCLogServiceCollection : public Node
 class BMCJournalLogService : public Node
 {
   public:
-    template <typename CrowApp>
-    BMCJournalLogService(CrowApp& app) :
+    BMCJournalLogService(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/LogServices/Journal/")
     {
         entityPrivileges = {
@@ -1804,8 +1798,7 @@ static int fillBMCJournalLogEntryJson(const std::string& bmcJournalLogEntryID,
 class BMCJournalLogEntryCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    BMCJournalLogEntryCollection(CrowApp& app) :
+    BMCJournalLogEntryCollection(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/LogServices/Journal/Entries/")
     {
         entityPrivileges = {
@@ -1908,7 +1901,7 @@ class BMCJournalLogEntryCollection : public Node
 class BMCJournalLogEntry : public Node
 {
   public:
-    BMCJournalLogEntry(CrowApp& app) :
+    BMCJournalLogEntry(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/LogServices/Journal/Entries/<str>/",
              std::string())
     {
@@ -1995,8 +1988,7 @@ class BMCJournalLogEntry : public Node
 class BMCDumpService : public Node
 {
   public:
-    template <typename CrowApp>
-    BMCDumpService(CrowApp& app) :
+    BMCDumpService(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/LogServices/Dump/")
     {
         entityPrivileges = {
@@ -2039,8 +2031,7 @@ class BMCDumpService : public Node
 class BMCDumpEntryCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    BMCDumpEntryCollection(CrowApp& app) :
+    BMCDumpEntryCollection(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/LogServices/Dump/Entries/")
     {
         entityPrivileges = {
@@ -2076,7 +2067,7 @@ class BMCDumpEntryCollection : public Node
 class BMCDumpEntry : public Node
 {
   public:
-    BMCDumpEntry(CrowApp& app) :
+    BMCDumpEntry(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/LogServices/Dump/Entries/<str>/",
              std::string())
     {
@@ -2118,7 +2109,7 @@ class BMCDumpEntry : public Node
 class BMCDumpCreate : public Node
 {
   public:
-    BMCDumpCreate(CrowApp& app) :
+    BMCDumpCreate(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/LogServices/Dump/"
                   "Actions/Oem/"
                   "OemLogService.CollectDiagnosticData/")
@@ -2143,7 +2134,7 @@ class BMCDumpCreate : public Node
 class BMCDumpEntryDownload : public Node
 {
   public:
-    BMCDumpEntryDownload(CrowApp& app) :
+    BMCDumpEntryDownload(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/LogServices/Dump/attachment/<str>/",
              std::string())
     {
@@ -2173,7 +2164,7 @@ class BMCDumpEntryDownload : public Node
 class BMCDumpClear : public Node
 {
   public:
-    BMCDumpClear(CrowApp& app) :
+    BMCDumpClear(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/LogServices/Dump/"
                   "Actions/"
                   "LogService.ClearLog/")
@@ -2198,8 +2189,7 @@ class BMCDumpClear : public Node
 class SystemDumpService : public Node
 {
   public:
-    template <typename CrowApp>
-    SystemDumpService(CrowApp& app) :
+    SystemDumpService(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/Dump/")
     {
         entityPrivileges = {
@@ -2243,8 +2233,7 @@ class SystemDumpService : public Node
 class SystemDumpEntryCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    SystemDumpEntryCollection(CrowApp& app) :
+    SystemDumpEntryCollection(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/Dump/Entries/")
     {
         entityPrivileges = {
@@ -2280,7 +2269,7 @@ class SystemDumpEntryCollection : public Node
 class SystemDumpEntry : public Node
 {
   public:
-    SystemDumpEntry(CrowApp& app) :
+    SystemDumpEntry(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/Dump/Entries/<str>/",
              std::string())
     {
@@ -2322,7 +2311,7 @@ class SystemDumpEntry : public Node
 class SystemDumpCreate : public Node
 {
   public:
-    SystemDumpCreate(CrowApp& app) :
+    SystemDumpCreate(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/Dump/"
                   "Actions/Oem/"
                   "OemLogService.CollectDiagnosticData/")
@@ -2347,7 +2336,7 @@ class SystemDumpCreate : public Node
 class SystemDumpEntryDownload : public Node
 {
   public:
-    SystemDumpEntryDownload(CrowApp& app) :
+    SystemDumpEntryDownload(App& app) :
         Node(app,
              "/redfish/v1/Systems/system/LogServices/Dump/attachment/<str>/",
              std::string())
@@ -2378,7 +2367,7 @@ class SystemDumpEntryDownload : public Node
 class SystemDumpClear : public Node
 {
   public:
-    SystemDumpClear(CrowApp& app) :
+    SystemDumpClear(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/Dump/"
                   "Actions/"
                   "LogService.ClearLog/")
@@ -2403,8 +2392,7 @@ class SystemDumpClear : public Node
 class CrashdumpService : public Node
 {
   public:
-    template <typename CrowApp>
-    CrashdumpService(CrowApp& app) :
+    CrashdumpService(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/Crashdump/")
     {
         // Note: Deviated from redfish privilege registry for GET & HEAD
@@ -2463,7 +2451,7 @@ class CrashdumpService : public Node
 class CrashdumpClear : public Node
 {
   public:
-    CrashdumpClear(CrowApp& app) :
+    CrashdumpClear(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/"
                   "LogService.ClearLog/")
     {
@@ -2556,8 +2544,7 @@ static void logCrashdumpEntry(std::shared_ptr<AsyncResp> asyncResp,
 class CrashdumpEntryCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    CrashdumpEntryCollection(CrowApp& app) :
+    CrashdumpEntryCollection(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/Crashdump/Entries/")
     {
         // Note: Deviated from redfish privilege registry for GET & HEAD
@@ -2642,7 +2629,7 @@ class CrashdumpEntryCollection : public Node
 class CrashdumpEntry : public Node
 {
   public:
-    CrashdumpEntry(CrowApp& app) :
+    CrashdumpEntry(App& app) :
         Node(app,
              "/redfish/v1/Systems/system/LogServices/Crashdump/Entries/<str>/",
              std::string())
@@ -2676,7 +2663,7 @@ class CrashdumpEntry : public Node
 class CrashdumpFile : public Node
 {
   public:
-    CrashdumpFile(CrowApp& app) :
+    CrashdumpFile(App& app) :
         Node(app,
              "/redfish/v1/Systems/system/LogServices/Crashdump/Entries/<str>/"
              "<str>/",
@@ -2779,7 +2766,7 @@ class CrashdumpFile : public Node
 class OnDemandCrashdump : public Node
 {
   public:
-    OnDemandCrashdump(CrowApp& app) :
+    OnDemandCrashdump(App& app) :
         Node(app,
              "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/"
              "Crashdump.OnDemand/")
@@ -2851,7 +2838,7 @@ class OnDemandCrashdump : public Node
 class TelemetryCrashdump : public Node
 {
   public:
-    TelemetryCrashdump(CrowApp& app) :
+    TelemetryCrashdump(App& app) :
         Node(app,
              "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/"
              "Crashdump.Telemetry/")
@@ -2923,7 +2910,7 @@ class TelemetryCrashdump : public Node
 class SendRawPECI : public Node
 {
   public:
-    SendRawPECI(CrowApp& app) :
+    SendRawPECI(App& app) :
         Node(app,
              "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/"
              "Crashdump.SendRawPeci/")
@@ -3020,7 +3007,7 @@ class SendRawPECI : public Node
 class DBusLogServiceActionsClear : public Node
 {
   public:
-    DBusLogServiceActionsClear(CrowApp& app) :
+    DBusLogServiceActionsClear(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/EventLog/Actions/"
                   "LogService.ClearLog/")
     {
@@ -3075,7 +3062,7 @@ class DBusLogServiceActionsClear : public Node
 class PostCodesLogService : public Node
 {
   public:
-    PostCodesLogService(CrowApp& app) :
+    PostCodesLogService(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/PostCodes/")
     {
         entityPrivileges = {
@@ -3113,7 +3100,7 @@ class PostCodesLogService : public Node
 class PostCodesClear : public Node
 {
   public:
-    PostCodesClear(CrowApp& app) :
+    PostCodesClear(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/PostCodes/Actions/"
                   "LogService.ClearLog/")
     {
@@ -3392,8 +3379,7 @@ static void getCurrentBootNumber(std::shared_ptr<AsyncResp> aResp,
 class PostCodesEntryCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    PostCodesEntryCollection(CrowApp& app) :
+    PostCodesEntryCollection(App& app) :
         Node(app, "/redfish/v1/Systems/system/LogServices/PostCodes/Entries/")
     {
         entityPrivileges = {
@@ -3441,7 +3427,7 @@ class PostCodesEntryCollection : public Node
 class PostCodesEntry : public Node
 {
   public:
-    PostCodesEntry(CrowApp& app) :
+    PostCodesEntry(App& app) :
         Node(app,
              "/redfish/v1/Systems/system/LogServices/PostCodes/Entries/<str>/",
              std::string())
diff --git a/redfish-core/lib/managers.hpp b/redfish-core/lib/managers.hpp
index b65f89de04..552c264d0b 100644
--- a/redfish-core/lib/managers.hpp
+++ b/redfish-core/lib/managers.hpp
@@ -73,7 +73,7 @@ void doBMCGracefulRestart(std::shared_ptr<AsyncResp> asyncResp)
 class ManagerResetAction : public Node
 {
   public:
-    ManagerResetAction(CrowApp& app) :
+    ManagerResetAction(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/Actions/Manager.Reset/")
     {
         entityPrivileges = {
@@ -119,7 +119,7 @@ class ManagerResetAction : public Node
 class ManagerResetToDefaultsAction : public Node
 {
   public:
-    ManagerResetToDefaultsAction(CrowApp& app) :
+    ManagerResetToDefaultsAction(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/Actions/Manager.ResetToDefaults/")
     {
         entityPrivileges = {
@@ -194,7 +194,7 @@ class ManagerResetActionInfo : public Node
     /*
      * Default Constructor
      */
-    ManagerResetActionInfo(CrowApp& app) :
+    ManagerResetActionInfo(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/ResetActionInfo/")
     {
         entityPrivileges = {
@@ -1659,10 +1659,10 @@ struct SetPIDValues : std::enable_shared_from_this<SetPIDValues>
 class Manager : public Node
 {
   public:
-    Manager(CrowApp& app) : Node(app, "/redfish/v1/Managers/bmc/")
+    Manager(App& app) : Node(app, "/redfish/v1/Managers/bmc/")
     {
-        uuid = app.template getMiddleware<crow::persistent_data::Middleware>()
-                   .systemUuid;
+
+        uuid = persistent_data::getConfig().systemUuid;
         entityPrivileges = {
             {boost::beast::http::verb::get, {{"Login"}}},
             {boost::beast::http::verb::head, {{"Login"}}},
@@ -2076,7 +2076,7 @@ class Manager : public Node
 class ManagerCollection : public Node
 {
   public:
-    ManagerCollection(CrowApp& app) : Node(app, "/redfish/v1/Managers/")
+    ManagerCollection(App& app) : Node(app, "/redfish/v1/Managers/")
     {
         entityPrivileges = {
             {boost::beast::http::verb::get, {{"Login"}}},
diff --git a/redfish-core/lib/message_registries.hpp b/redfish-core/lib/message_registries.hpp
index 57e0ad2433..63aa5f3cf7 100644
--- a/redfish-core/lib/message_registries.hpp
+++ b/redfish-core/lib/message_registries.hpp
@@ -28,8 +28,7 @@ namespace redfish
 class MessageRegistryFileCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    MessageRegistryFileCollection(CrowApp& app) :
+    MessageRegistryFileCollection(App& app) :
         Node(app, "/redfish/v1/Registries/")
     {
         entityPrivileges = {
@@ -71,8 +70,7 @@ class MessageRegistryFileCollection : public Node
 class MessageRegistryFile : public Node
 {
   public:
-    template <typename CrowApp>
-    MessageRegistryFile(CrowApp& app) :
+    MessageRegistryFile(App& app) :
         Node(app, "/redfish/v1/Registries/<str>/", std::string())
     {
         entityPrivileges = {
@@ -157,8 +155,7 @@ class MessageRegistryFile : public Node
 class MessageRegistry : public Node
 {
   public:
-    template <typename CrowApp>
-    MessageRegistry(CrowApp& app) :
+    MessageRegistry(App& app) :
         Node(app, "/redfish/v1/Registries/<str>/<str>/", std::string(),
              std::string())
     {
diff --git a/redfish-core/lib/network_protocol.hpp b/redfish-core/lib/network_protocol.hpp
index b32fde10b9..3e48efb113 100644
--- a/redfish-core/lib/network_protocol.hpp
+++ b/redfish-core/lib/network_protocol.hpp
@@ -130,7 +130,7 @@ void getEthernetIfaceData(CallbackFunc&& callback)
 class NetworkProtocol : public Node
 {
   public:
-    NetworkProtocol(CrowApp& app) :
+    NetworkProtocol(App& app) :
         Node(app, "/redfish/v1/Managers/bmc/NetworkProtocol/")
     {
         entityPrivileges = {
diff --git a/redfish-core/lib/pcie.hpp b/redfish-core/lib/pcie.hpp
index ac2a2f9eb8..e2f35917b6 100644
--- a/redfish-core/lib/pcie.hpp
+++ b/redfish-core/lib/pcie.hpp
@@ -72,8 +72,7 @@ static inline void getPCIeDeviceList(std::shared_ptr<AsyncResp> asyncResp,
 class SystemPCIeDeviceCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    SystemPCIeDeviceCollection(CrowApp& app) :
+    SystemPCIeDeviceCollection(App& app) :
         Node(app, "/redfish/v1/Systems/system/PCIeDevices/")
     {
         entityPrivileges = {
@@ -107,7 +106,7 @@ class SystemPCIeDeviceCollection : public Node
 class SystemPCIeDevice : public Node
 {
   public:
-    SystemPCIeDevice(CrowApp& app) :
+    SystemPCIeDevice(App& app) :
         Node(app, "/redfish/v1/Systems/system/PCIeDevices/<str>/",
              std::string())
     {
@@ -192,8 +191,7 @@ class SystemPCIeDevice : public Node
 class SystemPCIeFunctionCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    SystemPCIeFunctionCollection(CrowApp& app) :
+    SystemPCIeFunctionCollection(App& app) :
         Node(app, "/redfish/v1/Systems/system/PCIeDevices/<str>/PCIeFunctions/",
              std::string())
     {
@@ -287,7 +285,7 @@ class SystemPCIeFunctionCollection : public Node
 class SystemPCIeFunction : public Node
 {
   public:
-    SystemPCIeFunction(CrowApp& app) :
+    SystemPCIeFunction(App& app) :
         Node(
             app,
             "/redfish/v1/Systems/system/PCIeDevices/<str>/PCIeFunctions/<str>/",
diff --git a/redfish-core/lib/power.hpp b/redfish-core/lib/power.hpp
index 59492c359c..544c42b7cf 100644
--- a/redfish-core/lib/power.hpp
+++ b/redfish-core/lib/power.hpp
@@ -25,7 +25,7 @@ namespace redfish
 class Power : public Node
 {
   public:
-    Power(CrowApp& app) :
+    Power(App& app) :
         Node((app), "/redfish/v1/Chassis/<str>/Power/", std::string())
     {
         entityPrivileges = {
diff --git a/redfish-core/lib/redfish_sessions.hpp b/redfish-core/lib/redfish_sessions.hpp
index 8080e6f69d..e54492d908 100644
--- a/redfish-core/lib/redfish_sessions.hpp
+++ b/redfish-core/lib/redfish_sessions.hpp
@@ -17,7 +17,7 @@
 
 #include "error_messages.hpp"
 #include "node.hpp"
-#include "persistent_data_middleware.hpp"
+#include "persistent_data.hpp"
 
 namespace redfish
 {
@@ -27,7 +27,7 @@ class SessionCollection;
 class Sessions : public Node
 {
   public:
-    Sessions(CrowApp& app) :
+    Sessions(App& app) :
         Node(app, "/redfish/v1/SessionService/Sessions/<str>/", std::string())
     {
         entityPrivileges = {
@@ -46,7 +46,7 @@ class Sessions : public Node
     {
         // Note that control also reaches here via doPost and doDelete.
         auto session =
-            crow::persistent_data::SessionStore::getInstance().getSessionByUid(
+            persistent_data::SessionStore::getInstance().getSessionByUid(
                 params[0]);
 
         if (session == nullptr)
@@ -88,7 +88,7 @@ class Sessions : public Node
         }
 
         auto session =
-            crow::persistent_data::SessionStore::getInstance().getSessionByUid(
+            persistent_data::SessionStore::getInstance().getSessionByUid(
                 params[0]);
 
         if (session == nullptr)
@@ -117,8 +117,7 @@ class Sessions : public Node
         // DELETE should return representation of object that will be removed
         doGet(res, req, params);
 
-        crow::persistent_data::SessionStore::getInstance().removeSession(
-            session);
+        persistent_data::SessionStore::getInstance().removeSession(session);
     }
 
     /**
@@ -133,7 +132,7 @@ class Sessions : public Node
 class SessionCollection : public Node
 {
   public:
-    SessionCollection(CrowApp& app) :
+    SessionCollection(App& app) :
         Node(app, "/redfish/v1/SessionService/Sessions/"), memberSession(app)
     {
         entityPrivileges = {
@@ -150,8 +149,8 @@ class SessionCollection : public Node
                const std::vector<std::string>& params) override
     {
         std::vector<const std::string*> sessionIds =
-            crow::persistent_data::SessionStore::getInstance().getUniqueIds(
-                false, crow::persistent_data::PersistenceType::TIMEOUT);
+            persistent_data::SessionStore::getInstance().getUniqueIds(
+                false, persistent_data::PersistenceType::TIMEOUT);
 
         res.jsonValue["Members@odata.count"] = sessionIds.size();
         res.jsonValue["Members"] = nlohmann::json::array();
@@ -236,11 +235,10 @@ class SessionCollection : public Node
 #endif
 
         // User is authenticated - create session
-        std::shared_ptr<crow::persistent_data::UserSession> session =
-            crow::persistent_data::SessionStore::getInstance()
-                .generateUserSession(
-                    username, crow::persistent_data::PersistenceType::TIMEOUT,
-                    isConfigureSelfOnly, clientId, clientIp);
+        std::shared_ptr<persistent_data::UserSession> session =
+            persistent_data::SessionStore::getInstance().generateUserSession(
+                username, persistent_data::PersistenceType::TIMEOUT,
+                isConfigureSelfOnly, clientId, clientIp);
         res.addHeader("X-Auth-Token", session->sessionToken);
         res.addHeader("Location", "/redfish/v1/SessionService/Sessions/" +
                                       session->uniqueId);
@@ -264,7 +262,7 @@ class SessionCollection : public Node
 class SessionService : public Node
 {
   public:
-    SessionService(CrowApp& app) : Node(app, "/redfish/v1/SessionService/")
+    SessionService(App& app) : Node(app, "/redfish/v1/SessionService/")
     {
 
         entityPrivileges = {
@@ -286,8 +284,7 @@ class SessionService : public Node
         res.jsonValue["Id"] = "SessionService";
         res.jsonValue["Description"] = "Session Service";
         res.jsonValue["SessionTimeout"] =
-            crow::persistent_data::SessionStore::getInstance()
-                .getTimeoutInSeconds();
+            persistent_data::SessionStore::getInstance().getTimeoutInSeconds();
         res.jsonValue["ServiceEnabled"] = true;
 
         res.jsonValue["Sessions"] = {
diff --git a/redfish-core/lib/roles.hpp b/redfish-core/lib/roles.hpp
index 7819be8190..9c86d4bb28 100644
--- a/redfish-core/lib/roles.hpp
+++ b/redfish-core/lib/roles.hpp
@@ -73,7 +73,7 @@ inline bool getAssignedPrivFromRole(std::string_view role,
 class Roles : public Node
 {
   public:
-    Roles(CrowApp& app) :
+    Roles(App& app) :
         Node(app, "/redfish/v1/AccountService/Roles/<str>/", std::string())
     {
         entityPrivileges = {
@@ -121,8 +121,7 @@ class Roles : public Node
 class RoleCollection : public Node
 {
   public:
-    RoleCollection(CrowApp& app) :
-        Node(app, "/redfish/v1/AccountService/Roles/")
+    RoleCollection(App& app) : Node(app, "/redfish/v1/AccountService/Roles/")
     {
         entityPrivileges = {
             {boost::beast::http::verb::get, {{"Login"}}},
diff --git a/redfish-core/lib/sensors.hpp b/redfish-core/lib/sensors.hpp
index f12bbe0669..99a03c9bf6 100644
--- a/redfish-core/lib/sensors.hpp
+++ b/redfish-core/lib/sensors.hpp
@@ -2998,7 +2998,7 @@ void retrieveUriToDbusMap(const std::string& chassis, const std::string& node,
 class SensorCollection : public Node
 {
   public:
-    SensorCollection(CrowApp& app) :
+    SensorCollection(App& app) :
         Node(app, "/redfish/v1/Chassis/<str>/Sensors/", std::string())
     {
         entityPrivileges = {
@@ -3069,7 +3069,7 @@ class SensorCollection : public Node
 class Sensor : public Node
 {
   public:
-    Sensor(CrowApp& app) :
+    Sensor(App& app) :
         Node(app, "/redfish/v1/Chassis/<str>/Sensors/<str>/", std::string(),
              std::string())
     {
diff --git a/redfish-core/lib/service_root.hpp b/redfish-core/lib/service_root.hpp
index b6bd6e0639..52e899ea15 100644
--- a/redfish-core/lib/service_root.hpp
+++ b/redfish-core/lib/service_root.hpp
@@ -25,10 +25,9 @@ namespace redfish
 class ServiceRoot : public Node
 {
   public:
-    ServiceRoot(CrowApp& app) : Node(app, "/redfish/v1/")
+    ServiceRoot(App& app) : Node(app, "/redfish/v1/")
     {
-        uuid = app.template getMiddleware<crow::persistent_data::Middleware>()
-                   .systemUuid;
+        uuid = persistent_data::getConfig().systemUuid;
         entityPrivileges = {
             {boost::beast::http::verb::get, {}},
             {boost::beast::http::verb::head, {}},
diff --git a/redfish-core/lib/storage.hpp b/redfish-core/lib/storage.hpp
index 922d323f25..0114c4e167 100644
--- a/redfish-core/lib/storage.hpp
+++ b/redfish-core/lib/storage.hpp
@@ -25,7 +25,7 @@ namespace redfish
 class StorageCollection : public Node
 {
   public:
-    StorageCollection(CrowApp& app) :
+    StorageCollection(App& app) :
         Node(app, "/redfish/v1/Systems/system/Storage/")
     {
         entityPrivileges = {
@@ -54,7 +54,7 @@ class StorageCollection : public Node
 class Storage : public Node
 {
   public:
-    Storage(CrowApp& app) : Node(app, "/redfish/v1/Systems/system/Storage/1/")
+    Storage(App& app) : Node(app, "/redfish/v1/Systems/system/Storage/1/")
     {
         entityPrivileges = {
             {boost::beast::http::verb::get, {{"Login"}}},
@@ -275,7 +275,7 @@ class Storage : public Node
 class Drive : public Node
 {
   public:
-    Drive(CrowApp& app) :
+    Drive(App& app) :
         Node(app, "/redfish/v1/Systems/system/Storage/1/Drives/<str>/",
              std::string())
     {
diff --git a/redfish-core/lib/systems.hpp b/redfish-core/lib/systems.hpp
index 2baeaa7ae5..9ca95d5405 100644
--- a/redfish-core/lib/systems.hpp
+++ b/redfish-core/lib/systems.hpp
@@ -1647,7 +1647,7 @@ static void setWDTProperties(std::shared_ptr<AsyncResp> aResp,
 class SystemsCollection : public Node
 {
   public:
-    SystemsCollection(CrowApp& app) : Node(app, "/redfish/v1/Systems/")
+    SystemsCollection(App& app) : Node(app, "/redfish/v1/Systems/")
     {
         entityPrivileges = {
             {boost::beast::http::verb::get, {{"Login"}}},
@@ -1704,7 +1704,7 @@ class SystemsCollection : public Node
 class SystemActionsReset : public Node
 {
   public:
-    SystemActionsReset(CrowApp& app) :
+    SystemActionsReset(App& app) :
         Node(app, "/redfish/v1/Systems/system/Actions/ComputerSystem.Reset/")
     {
         entityPrivileges = {
@@ -1867,7 +1867,7 @@ class Systems : public Node
     /*
      * Default Constructor
      */
-    Systems(CrowApp& app) : Node(app, "/redfish/v1/Systems/system/")
+    Systems(App& app) : Node(app, "/redfish/v1/Systems/system/")
     {
         entityPrivileges = {
             {boost::beast::http::verb::get, {{"Login"}}},
@@ -2048,7 +2048,7 @@ class SystemResetActionInfo : public Node
     /*
      * Default Constructor
      */
-    SystemResetActionInfo(CrowApp& app) :
+    SystemResetActionInfo(App& app) :
         Node(app, "/redfish/v1/Systems/system/ResetActionInfo/")
     {
         entityPrivileges = {
diff --git a/redfish-core/lib/task.hpp b/redfish-core/lib/task.hpp
index fb2d0be76a..1b9077dec0 100644
--- a/redfish-core/lib/task.hpp
+++ b/redfish-core/lib/task.hpp
@@ -244,7 +244,7 @@ struct TaskData : std::enable_shared_from_this<TaskData>
 class TaskMonitor : public Node
 {
   public:
-    TaskMonitor(CrowApp& app) :
+    TaskMonitor(App& app) :
         Node((app), "/redfish/v1/TaskService/Tasks/<str>/Monitor/",
              std::string())
     {
@@ -301,7 +301,7 @@ class TaskMonitor : public Node
 class Task : public Node
 {
   public:
-    Task(CrowApp& app) :
+    Task(App& app) :
         Node((app), "/redfish/v1/TaskService/Tasks/<str>/", std::string())
     {
         entityPrivileges = {
@@ -376,7 +376,7 @@ class Task : public Node
 class TaskCollection : public Node
 {
   public:
-    TaskCollection(CrowApp& app) : Node(app, "/redfish/v1/TaskService/Tasks/")
+    TaskCollection(App& app) : Node(app, "/redfish/v1/TaskService/Tasks/")
     {
         entityPrivileges = {
             {boost::beast::http::verb::get, {{"Login"}}},
@@ -416,7 +416,7 @@ class TaskCollection : public Node
 class TaskService : public Node
 {
   public:
-    TaskService(CrowApp& app) : Node(app, "/redfish/v1/TaskService/")
+    TaskService(App& app) : Node(app, "/redfish/v1/TaskService/")
     {
         entityPrivileges = {
             {boost::beast::http::verb::get, {{"Login"}}},
diff --git a/redfish-core/lib/thermal.hpp b/redfish-core/lib/thermal.hpp
index 90ad3bb843..84cef2b2ae 100644
--- a/redfish-core/lib/thermal.hpp
+++ b/redfish-core/lib/thermal.hpp
@@ -24,7 +24,7 @@ namespace redfish
 class Thermal : public Node
 {
   public:
-    Thermal(CrowApp& app) :
+    Thermal(App& app) :
         Node((app), "/redfish/v1/Chassis/<str>/Thermal/", std::string())
     {
         entityPrivileges = {
diff --git a/redfish-core/lib/update_service.hpp b/redfish-core/lib/update_service.hpp
index 0b151d9463..c695a9bed2 100644
--- a/redfish-core/lib/update_service.hpp
+++ b/redfish-core/lib/update_service.hpp
@@ -376,7 +376,7 @@ static void monitorForSoftwareAvailable(std::shared_ptr<AsyncResp> asyncResp,
 class UpdateServiceActionsSimpleUpdate : public Node
 {
   public:
-    UpdateServiceActionsSimpleUpdate(CrowApp& app) :
+    UpdateServiceActionsSimpleUpdate(App& app) :
         Node(app,
              "/redfish/v1/UpdateService/Actions/UpdateService.SimpleUpdate/")
     {
@@ -506,7 +506,7 @@ class UpdateServiceActionsSimpleUpdate : public Node
 class UpdateService : public Node
 {
   public:
-    UpdateService(CrowApp& app) : Node(app, "/redfish/v1/UpdateService/")
+    UpdateService(App& app) : Node(app, "/redfish/v1/UpdateService/")
     {
         entityPrivileges = {
             {boost::beast::http::verb::get, {{"Login"}}},
@@ -685,8 +685,7 @@ class UpdateService : public Node
 class SoftwareInventoryCollection : public Node
 {
   public:
-    template <typename CrowApp>
-    SoftwareInventoryCollection(CrowApp& app) :
+    SoftwareInventoryCollection(App& app) :
         Node(app, "/redfish/v1/UpdateService/FirmwareInventory/")
     {
         entityPrivileges = {
@@ -761,8 +760,7 @@ class SoftwareInventoryCollection : public Node
 class SoftwareInventory : public Node
 {
   public:
-    template <typename CrowApp>
-    SoftwareInventory(CrowApp& app) :
+    SoftwareInventory(App& app) :
         Node(app, "/redfish/v1/UpdateService/FirmwareInventory/<str>/",
              std::string())
     {
diff --git a/redfish-core/lib/virtual_media.hpp b/redfish-core/lib/virtual_media.hpp
index cd81857af3..dbe29b15d8 100644
--- a/redfish-core/lib/virtual_media.hpp
+++ b/redfish-core/lib/virtual_media.hpp
@@ -248,7 +248,7 @@ static void getVmData(std::shared_ptr<AsyncResp> aResp,
 class VirtualMediaActionInsertMedia : public Node
 {
   public:
-    VirtualMediaActionInsertMedia(CrowApp& app) :
+    VirtualMediaActionInsertMedia(App& app) :
         Node(app,
              "/redfish/v1/Managers/<str>/VirtualMedia/<str>/Actions/"
              "VirtualMedia.InsertMedia",
@@ -831,7 +831,7 @@ class VirtualMediaActionInsertMedia : public Node
 class VirtualMediaActionEjectMedia : public Node
 {
   public:
-    VirtualMediaActionEjectMedia(CrowApp& app) :
+    VirtualMediaActionEjectMedia(App& app) :
         Node(app,
              "/redfish/v1/Managers/<str>/VirtualMedia/<str>/Actions/"
              "VirtualMedia.EjectMedia",
@@ -996,7 +996,7 @@ class VirtualMediaCollection : public Node
     /*
      * Default Constructor
      */
-    VirtualMediaCollection(CrowApp& app) :
+    VirtualMediaCollection(App& app) :
         Node(app, "/redfish/v1/Managers/<str>/VirtualMedia/", std::string())
     {
         entityPrivileges = {
@@ -1070,7 +1070,7 @@ class VirtualMedia : public Node
     /*
      * Default Constructor
      */
-    VirtualMedia(CrowApp& app) :
+    VirtualMedia(App& app) :
         Node(app, "/redfish/v1/Managers/<str>/VirtualMedia/<str>/",
              std::string(), std::string())
     {
diff --git a/src/token_authorization_middleware_test.cpp b/src/token_authorization_middleware_test.cpp
index 3ac7947b94..fcb5b65e80 100644
--- a/src/token_authorization_middleware_test.cpp
+++ b/src/token_authorization_middleware_test.cpp
@@ -1,5 +1,4 @@
 #include "token_authorization_middleware.hpp"
-#include "webserver_common.hpp"
 
 #include <condition_variable>
 #include <future>
@@ -27,7 +26,7 @@ class TokenAuth : public ::testing::Test
 
 TEST_F(TokenAuth, SpecialResourcesAreAcceptedWithoutAuth)
 {
-    CrowApp app(io);
+    App app(io);
     crow::token_authorization::requestRoutes(app);
     BMCWEB_ROUTE(app, "/redfish/v1")
     ([]() { return boost::beast::http::status::ok; });
@@ -72,9 +71,7 @@ TEST_F(TokenAuth, SpecialResourcesAreAcceptedWithoutAuth)
 // Tests that Base64 basic strings work
 TEST(TokenAuthentication, TestRejectedResource)
 {
-    App<crow::persistent_data::Middleware,
-        crow::token_authorization::Middleware>
-        app;
+    App app;
     app.bindaddr("127.0.0.1").port(45451);
     BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
     auto _ = async(std::launch::async, [&] { app.run(); });
@@ -108,9 +105,7 @@ TEST(TokenAuthentication, TestRejectedResource)
 // Tests that Base64 basic strings work
 TEST(TokenAuthentication, TestGetLoginUrl)
 {
-    App<crow::persistent_data::Middleware,
-        crow::token_authorization::Middleware>
-        app;
+    App app;
     app.bindaddr("127.0.0.1").port(45451);
     BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
     auto _ = async(std::launch::async, [&] { app.run(); });
@@ -144,9 +139,7 @@ TEST(TokenAuthentication, TestGetLoginUrl)
 // Tests boundary conditions on login
 TEST(TokenAuthentication, TestPostBadLoginUrl)
 {
-    App<crow::persistent_data::Middleware,
-        crow::token_authorization::Middleware>
-        app;
+    App app;
     app.bindaddr("127.0.0.1").port(45451);
     BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
     auto _ = async(std::launch::async, [&] { app.run(); });
@@ -236,9 +229,7 @@ class KnownLoginAuthenticator
 
 TEST(TokenAuthentication, TestSuccessfulLogin)
 {
-    App<crow::persistent_data::Middleware,
-        crow::token_authorization::Middleware>
-        app;
+    App app;
     app.bindaddr("127.0.0.1").port(45451);
     BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
     auto _ = async(std::launch::async, [&] { app.run(); });
@@ -318,4 +309,4 @@ TEST(TokenAuthentication, TestSuccessfulLogin)
     }
 
     app.stop();
-}
-\ No newline at end of file
+}
diff --git a/src/webserver_main.cpp b/src/webserver_main.cpp
index 036db5479a..2e043d77c7 100644
--- a/src/webserver_main.cpp
+++ b/src/webserver_main.cpp
@@ -14,17 +14,15 @@
 #ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE
 #include <ibm/management_console_rest.hpp>
 #endif
-#include <persistent_data_middleware.hpp>
 #include <redfish.hpp>
 #include <redfish_v1.hpp>
 #include <sdbusplus/asio/connection.hpp>
 #include <sdbusplus/bus.hpp>
 #include <sdbusplus/server.hpp>
-#include <security_headers_middleware.hpp>
+#include <security_headers.hpp>
 #include <ssl_key_handler.hpp>
 #include <vm_websocket.hpp>
 #include <webassets.hpp>
-#include <webserver_common.hpp>
 
 #include <string>
 
@@ -34,8 +32,7 @@
 
 constexpr int defaultPort = 18080;
 
-template <typename... Middlewares>
-void setupSocket(crow::Crow<Middlewares...>& app)
+void setupSocket(crow::App& app)
 {
     int listenFd = sd_listen_fds(0);
     if (1 == listenFd)
@@ -68,7 +65,7 @@ int main(int argc, char** argv)
     crow::logger::setLogLevel(crow::LogLevel::Debug);
 
     auto io = std::make_shared<boost::asio::io_context>();
-    CrowApp app(io);
+    App app(io);
 
     // Static assets need to be initialized before Authorization, because auth
     // needs to build the whitelist from the static routes
@@ -104,6 +101,10 @@ int main(int argc, char** argv)
     crow::ibm_mc_lock::Lock::getInstance();
 #endif
 
+#ifdef BMCWEB_INSECURE_DISABLE_XSS_PREVENTION
+    cors_preflight::requestRoutes(app);
+#endif
+
     crow::login_routes::requestRoutes(app);
 
     BMCWEB_LOG_INFO << "bmcweb (" << __DATE__ << ": " << __TIME__ << ')';