Note: I think that Tom's comment is correct and that the player would almost certainly handle the file correctly if the server included the correct MIME type in the response.
Having said that, the behaviour in browser is interesting even though your use case is iOS client based as you point out:
The following fiddle works fine on Chrome on a Mac and on IE on Windows but not on Safari:
<video width="320" height="240" controls>
<source src="http://ep-lin-upload.s3.amazonaws.com/vupl_lin/F64/CDF/F64CDF3B0348471E95C244DE2DDDD3F3" type="video/mp4">
</video>
Testing on a different server, i.e not using Amazon S3, and with different mp4 videos (e.g. BigBuckBunny) produces the same result: Chrome and IE are happy even if the extension is not there but Safari seems to require it or it will not play the video.
Update (or more accurately, updated update): looking at the request and response in both Safari and Chrome it seems that Safari is also not sending any headers in the request message. After some searching this appears to be an issue that has been seen before and S3 will reject requests without referer headers. You can update the S3 policy to allow a special referer header of 'empty' - see info below.
However, given that the same behaviour exists on a different server, it seems more likely that Chrome and IE assume that the 'type=video/mp4' info in the HTML is correct and hence interpret the content this way, while Safari looks at the content type in the response to make its decision (i.e. Chrome plays the returned file as video even though the response header says 'Content-Type:application/octet-stream' rather than 'video/mp4').
For more information on the S3 header policies mentioned above, take a look at the section "Restricting Access to a Specific HTTP Referrer" in this S3 policy page for more information on policies and the referrer header:
In particular the following note:
Suppose you have a website with domain name (www.example.com or example.com) with links to photos and videos stored in your S3 bucket, examplebucket. By default, all the S3 resources are private, so only the AWS account that created the resources can access them. To allow read access to these objects from your website, you can add a bucket policy that allows s3:GetObject permission with a condition, using the aws:referer key, that the get request must originate from specific webpages.
AVPlayerwould handle it if the MIME type were correct. That URL has a content type ofapplication/octet-stream, which is just generic binary data. If it were something likevideo/mp4orvideo/mpegit would probably be fine.AVPlayerneeds some kind of clue about the data you're giving it. – Sadye