diff --git a/core/modules/rest/lib/Drupal/rest/Tests/CsrfTest.php b/core/modules/rest/lib/Drupal/rest/Tests/CsrfTest.php
index caffe68..7395f06 100644
--- a/core/modules/rest/lib/Drupal/rest/Tests/CsrfTest.php
+++ b/core/modules/rest/lib/Drupal/rest/Tests/CsrfTest.php
@@ -20,13 +20,6 @@ class CsrfTest extends RESTTestBase {
   public static $modules = array('hal', 'rest', 'entity_test', 'basic_auth');
 
   /**
-   * The entity type to use for testing.
-   *
-   * @var string
-   */
-  protected $testEntityType = 'entity_test';
-
-  /**
    * A testing user account.
    *
    * @var \Drupal\user\Entity\User
@@ -80,7 +73,8 @@ public function testBasicAuth() {
     $this->curlExec($curl_options);
     $this->assertResponse(201);
     // Ensure that the entity was created.
-    $this->assertTrue(entity_load_multiple($this->testEntityType, NULL, TRUE), 'An entity was created in the database');
+    $loaded_entity = $this->loadEntityFromLocationHeader($this->drupalGetHeader('location'));
+    $this->assertTrue($loaded_entity, 'An entity was created in the database');
   }
 
   /**
@@ -103,7 +97,8 @@ public function testCookieAuth() {
     $this->curlExec($curl_options);
     $this->assertResponse(201);
     // Ensure that the entity was created.
-    $this->assertTrue(entity_load_multiple($this->testEntityType, NULL, TRUE), 'An entity was created in the database');
+    $loaded_entity = $this->loadEntityFromLocationHeader($this->drupalGetHeader('location'));
+    $this->assertTrue($loaded_entity, 'An entity was created in the database');
   }
 
   /**
diff --git a/core/modules/rest/lib/Drupal/rest/Tests/RESTTestBase.php b/core/modules/rest/lib/Drupal/rest/Tests/RESTTestBase.php
index d6fc9f9..c99865c 100644
--- a/core/modules/rest/lib/Drupal/rest/Tests/RESTTestBase.php
+++ b/core/modules/rest/lib/Drupal/rest/Tests/RESTTestBase.php
@@ -29,6 +29,13 @@
    */
   protected $defaultMimeType;
 
+  /**
+   * The entity type to use for testing.
+   *
+   * @var string
+   */
+  protected $testEntityType = 'entity_test';
+
   protected function setUp() {
     parent::setUp();
     $this->defaultFormat = 'hal_json';
@@ -295,4 +302,19 @@ protected function entityPermissions($entity_type, $operation) {
         }
     }
   }
+
+  /**
+   * Load an entity based on the location url returned in the location header.
+   *
+   * @param string $location_url
+   *   The URL returned in the Location header.
+   *
+   * @return \Drupal\Core\Entity\Entity|FALSE.
+   *   The entity or FALSE if there is no matching entity.
+   */
+  protected function loadEntityFromLocationHeader($location_url) {
+    $url_parts = explode('/', $location_url);
+    $id = end($url_parts);
+    return entity_load($this->testEntityType, $id);
+  }
 }