My wife comes across pages that won't load, and keeps asking me to add them to the whitelist. I'd like to have a custom index.html page that would allow her (or anyone with a password) to add the currently blocked domain to a whitelist, and reload the page.
I'd like to see "This page has been blocked by pihole because of blah, blah... enter your password and click this button to add it to the whitelist"
I understand this request, but I have to say that it would require a softening of our security policy in several places.
Currently we only allow altering the lists from the admin interface itself to prevent (sufficiently intelligent) ad pages to add themselves. When the user sets a password we might accept the password itself as a sufficient criterion to allow modifying lists.
@Mcat12 might want to comment as well.
I could see this being useful in a family situation, and maybe even in the enterprise if it submitted a ticket to the system administrators for review.
In any case, we'll investigate it as we do all of the feature requests. Thanks for your submission!
Definitely with a password... I wouldn't want my 7 year old adding domains... 
Yep, this would require a password to be set and entered, and an update which moves the list editing to only use the password as auth if set instead of also using the CSRF token (but we can still use the token if there is no password).
This has been implemented and will become available with the blocking page on the next update.
