Try this in the .htaccess of the external root folder :
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
And if it only concerns .js scripts you should wrap the above code inside this:
<FilesMatch "\.(js)$">
...
</FilesMatch>