Making a note here that this issue has a solution posted by @liammoran in a follow-on thread here:
In my case, I had the good fortune of having a simple, working configuration that I'd put together for a test environment before setting up the production server that didn't work at first. By default, my production nginx servers all include the anti-clickjacking add-header directive for: X-Frame-Options: DENY;
R-Studio server uses iframes in the interpreter UI: relaxing that directive to add the header X-Frame-Options:SAMEORIGIN rather than DENY got R-Studio uploads working well.