diff --git a/test/test_api_usage.py b/test/test_api_usage.py
index e0c4da09c..277410234 100644
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@@ -119,6 +119,30 @@ CSRF_TOKEN_KEY = '_csrf_token'
 CSRF_TOKEN = '123csrfforme'
 
 
+class AppConfigChange(object):
+  """ AppConfigChange takes a dictionary that overrides the global app config
+      for a given block of code. The values are restored on exit. """
+  def __init__(self, changes=None):
+    self._changes = changes or {}
+    self._originals = {}
+    self._to_rm = []
+
+  def __enter__(self):
+    for key in self._changes.keys():
+      try:
+        self._originals[key] = app.config[key]
+      except KeyError:
+        self._to_rm.append(key)
+      app.config[key] = self._changes[key]
+
+  def __exit__(self, type, value, traceback):
+    for key in self._originals.keys():
+      app.config[key] = self._originals[key]
+
+    for key in self._to_rm:
+      del app.config[key]
+
+
 class ApiTestCase(unittest.TestCase):
   maxDiff = None
 
@@ -4342,20 +4366,16 @@ class TestRepositoryImageSecurity(ApiTestCase):
                        expected_code=520)
 
       # Set the failover URL in the global config.
-      app.config['SECURITY_SCANNER_READONLY_FAILOVER_ENDPOINTS'] = ['http://failoverscanner']
+      with AppConfigChange({'SECURITY_SCANNER_READONLY_FAILOVER_ENDPOINTS': ['https://failoverscanner']}):
+        # Configure the API to return 200 for this layer.
+        layer_id = security_scanner.layer_id(layer)
+        security_scanner.set_ok_layer_id(layer_id)
 
-      # Configure the API to return 200 for this layer.
-      layer_id = security_scanner.layer_id(layer)
-      security_scanner.set_ok_layer_id(layer_id)
-
-      # Call the API and succeed on failover.
-      self.getResponse(RepositoryImageSecurity,
-                       params=dict(repository=ADMIN_ACCESS_USER + '/simple',
-                                   imageid=layer.docker_image_id, vulnerabilities='true'),
-                       expected_code=200)
-
-      # Remove the failover endpoints from the global config.
-      app.config['SECURITY_SCANNER_READONLY_FAILOVER_ENDPOINTS'] = []
+        # Call the API and succeed on failover.
+        self.getResponse(RepositoryImageSecurity,
+                         params=dict(repository=ADMIN_ACCESS_USER + '/simple',
+                                     imageid=layer.docker_image_id, vulnerabilities='true'),
+                         expected_code=200)
 
 
 class TestSuperUserCustomCertificates(ApiTestCase):