The API at https://api.random.org/json-rpc/1/invoke
is not responding with header Access-Control-Allow-Headers: accept, content-type
. Therefore the browser is rejecting the CORS request.
You can work-around the issue by using a CORS proxy. There are several projects out there you can use for testing (e.g. cors-anywhere comes as a npm module).
I prepared a demo which shows it in action.
The proxy forwards your request to the target and adds the required CORS headers to the response so that the browser stops complaining. When you take a look at the response headers from the proxy you will recognize:
Access-Control-Allow-Headers:accept, content-type
Access-Control-Allow-Methods:POST
Access-Control-Allow-Origin:*
Access-Control-Expose-Headers:location,x-request-url,x-final-url