There are a couple of options.
One is to setup a netdestination with the sites/domain names in question. Then to add a rule to the Captive Portal policy to permit traffic to this netdestination/alias; placing the rule above the Captive Portal redirects.
Example:
(config)# netdestination allowed-ipad-sites
(config-dest)# name apple.com
(config)# ip access-list session <yourCPpolicy>
(config-sess-<yourCPpolicy>)# user alias allowed-ipad-sites any permit position 1
***this rule needs to be before any DST-NAT entries
A second option is to add a netdestination to the whitelist of the Captive Portal profile.
Example:
(config)# netdestination allowed-ipad-sites
(config-dest)# name apple.com
(config)# aaa authentication captive-portal <yourCPprofile>
(Captive Portal Authentication Profile <yourCPprofile>)#white-list allowed-ipad-sites