Make permission denied redirects host relative.

This helps fix infinite redirect loops when HTTP_X_FORWARDED_HOST is
set, and fixes redirects back to external domains on authentication
errors.

Fixes #3207

lib/Cake/Controller/Component/AuthComponent.php

@@ -332,7 +332,7 @@ class AuthComponent extends Component {
 		if (!empty($this->loginRedirect)) {
 			$default = $this->loginRedirect;
 		}
-		$controller->redirect($controller->referer($default), null, true);
+		$controller->redirect($controller->referer($default, true), null, true);
 		return false;
 	}