Well...
If you have your content located at `some-bucket-name.s3.amazonaws.com`, that is where Unity is going to be looking for `crossdomain.xml`. The point of `crossdomain.xml` is to make sure that the third party domain (the bucket domain in this case) is okay with other applications touching its files. So stick a public `crossdomain.xml` file in your bucket and you should be good to go (you need to be accessing your bucket using the virtual domain not the `s3.amazonaws.com/some-bucket-name` method).
Remember, you can't tell Unity to look for the file in a special way (like through S3's authentication methods), so make sure that the `crossdomain.xml` is publicly readable (there should be no security issues with this as the file reveals practically nothing.
P.S. It might be a good idea to stick `encoding="UTF-8"` in your XML file header just to be safe that the file is interpreted as UTF-8.
If you are confused as to why the `crossdomain.xml` file needs to be where it needs to be, consider this: Bob is a user with malicious intent. He knows that Alice has special access (from her computer) to access certain files that Bob wants to get to (files located in an internal website `hidden.alicesite.com`. Bob creates a game that he invites Alice to play. The game is hosted at `bobsgame.example.com`. Bob uses Unity to make a request to `hidden.alicesite.com` to get various files. If Bob was able to put a `crossdomain.xml` file in webspace that he controlled, the `crossdomain.xml` file would have no purpose, as he could easily put it on his server. The `crossdomain.xml` file is not designed to protect *you*, but to protect the **user**.
↧