diff --git a/lib/url_helper.rb b/lib/url_helper.rb
index 4bbafe331f3..b1f10df26cd 100644
--- a/lib/url_helper.rb
+++ b/lib/url_helper.rb
@@ -77,15 +77,16 @@ class UrlHelper
   end
 
   def self.cook_url(url, secure: false, local: nil)
+    is_secure = SiteSetting.secure_media && secure
     local = is_local(url) if local.nil?
     return url if !local
 
-    url = secure ? secure_proxy_without_cdn(url) : absolute_without_cdn(url)
+    url = is_secure ? secure_proxy_without_cdn(url) : absolute_without_cdn(url)
 
     # we always want secure media to come from
     # Discourse.base_url_no_prefix/secure-media-uploads
     # to avoid asset_host mixups
-    return schemaless(url) if secure
+    return schemaless(url) if is_secure
 
     # PERF: avoid parsing url except for extreme conditions
     # this is a hot path used on home page
diff --git a/spec/components/url_helper_spec.rb b/spec/components/url_helper_spec.rb
index 0d8afc95981..36c66e79729 100644
--- a/spec/components/url_helper_spec.rb
+++ b/spec/components/url_helper_spec.rb
@@ -170,6 +170,8 @@ describe UrlHelper do
       Rails.configuration.action_controller.asset_host = "https://test.some-cdn.com/dev"
 
       FileStore::S3Store.any_instance.stubs(:has_been_uploaded?).returns(true)
+
+      SiteSetting.secure_media = true
     end
 
     def cooked
@@ -184,6 +186,16 @@ describe UrlHelper do
           "//test.localhost/secure-media-uploads/dev/original/3X/2/e/2e6f2ef81b6910ea592cd6d21ee897cd51cf72e4.jpeg"
         )
       end
+
+      context "and secure_media setting is disabled" do
+        before { SiteSetting.secure_media = false }
+
+        it "returns the local_cdn_url" do
+          expect(cooked).to eq(
+            "//s3bucket.s3.dualstack.us-west-1.amazonaws.com/dev/original/3X/2/e/2e6f2ef81b6910ea592cd6d21ee897cd51cf72e4.jpeg"
+          )
+        end
+      end
     end
 
     context "when the upload for the url is not secure" do